Show zones and rules on the first page

firewalld/config

@@ -1 +1,2 @@
+firewall_cmd=firewall-cmd
 init_name=firewalld

firewalld/config.info

@@ -1 +1,2 @@
+firewall_cmd=Full path to firewall-cmd program,0
 init_name=FirewallD init script name,0

firewalld/firewalld-lib.pl

@@ -3,6 +3,9 @@
 # XXX longdesc
 # XXX makedist.pl
 # XXX integration with other modules?
+# XXX install_check
+# XXX set zones for interfaces
+# XXX detect use of firewalld in iptables modules
 
 BEGIN { push(@INC, ".."); };
 use strict;
@@ -13,5 +16,48 @@ do 'md5-lib.pl';
 our ($module_root_directory, %text, %config, %gconfig);
 our %access = &get_module_acl();
 
+# check_firewalld()
+# Returns an error message if firewalld is not installed, undef if all is OK
+sub check_firewalld
+{
+&has_command($config{'firewall_cmd'}) ||
+	return &text('check_ecmd', "<tt>".$config{'firewall_cmd'}."</tt>");
+return undef;
+}
+
+# is_firewalld_running()
+# Returns 1 if the server is running, 0 if not
+sub is_firewalld_running
+{
+my $ex = system("$config{'firewall_cmd'} --state >/dev/null 2>&1 </dev/null");
+return $ex ? 0 : 1;
+}
+
+# list_firewalld_zones()
+# Returns an array of firewalld zones, each of which is a hash ref with fields
+# like services and ports
+sub list_firewalld_zones
+{
+my @rv;
+my $out = &backquote_command("$config{'firewall_cmd'} --list-all-zones --permanent </dev/null 2>&1");
+if ($?) {
+	&error("Failed to list zones : $out");
+	}
+my $zone;
+foreach my $l (split(/\r?\n/, $out)) {
+	if ($l =~ /^(\S+)(\s+\(\S+\))?/) {
+		# New zone
+		$zone = { 'name' => $1,
+			  'default' => $2 ? 1 : 0 };
+		push(@rv, $zone);
+		}
+	elsif ($l =~ /^\s+(\S+):\s*(.*)/ && $zone) {
+		# Option in some zone
+		$zone->{$1} = [ split(/\s+/, $2) ];
+		}
+	}
+return @rv;
+}
+
 1;
 

firewalld/index.cgi

@@ -0,0 +1,96 @@
+#!/usr/local/bin/perl
+# Show all firewalld rules and zones
+
+use strict;
+use warnings;
+require 'firewalld-lib.pl';
+our (%in, %text, %config, %access, $base_remote_user);
+&ReadParse();
+&ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1);
+
+# Is firewalld working?
+my $err = &check_firewalld();
+if ($err) {
+	&ui_print_endpage(&text('index_cerr', $err));
+	return;
+	}
+
+# Get rules and zones
+my @zones = &list_firewalld_zones();
+my $zone;
+if ($in{'zone'}) {
+	($zone) = grep { $_->{'name'} eq $in{'zone'} } @zones;
+	}
+else {
+	($zone) = grep { $_->{'default'} } @zones;
+	}
+print &ui_form_start("index.cgi");
+print "<b>$text{'index_zone'}</b> ",
+      &ui_select("zone", $zone->{'name'},
+		 [ map { $_->{'name'} } @zones ])," ",
+      &ui_submit($text{'index_zoneok'}),"<p>\n";
+print &ui_form_end();
+
+# Show allowed ports and services in this zone
+my @links = ( &ui_link("edit_port.cgi?new=1&zone=".&urlize($zone->{'name'}),
+		       $text{'index_padd'}),
+	      &ui_link("edit_serv.cgi?new=1&zone=".&urlize($zone->{'name'}),
+                       $text{'index_sadd'}) );
+if ($zone) {
+	my @tds = ( "width=5" );
+	unshift(@links, &select_all_link("d", 1),
+			&select_invert_link("d", 1));
+	print &ui_form_start("delete.cgi", "post");
+	print &ui_links_row(\@links);
+	print &ui_columns_start([ "", $text{'index_type'}, $text{'index_port'},
+				  $text{'index_proto'} ], 100, 0, \@tds);
+	foreach my $s (@{$zone->{'services'}}) {
+		print &ui_checked_columns_row([
+			$text{'index_tservice'},
+			$s,
+			"",
+			], \@tds, "d", "service/".$s);
+		}
+	foreach my $p (@{$zone->{'ports'}}) {
+		my ($port, $proto) = split(/\//, $p);
+		print &ui_checked_columns_row([
+			$text{'index_tport'},
+			$port,
+			uc($proto),
+			], \@tds, "d", "port/".$p);
+		}
+	print &ui_columns_end();
+	print &ui_links_row(\@links);
+	print &ui_form_end([ [ undef, $text{'index_delete'} ] ]);
+	}
+else {
+	print "<b>$text{'index_none'}</b> <p>\n";
+	print &ui_links_row(\@links);
+	}
+
+# Show start/apply buttons
+print &ui_hr();
+print &ui_buttons_start();
+my $ok = &is_firewalld_running();
+if ($ok) {
+	print &ui_buttons_row("restart.cgi", $text{'index_restart'},
+			      $text{'index_restartdesc'});
+	print &ui_buttons_row("stop.cgi", $text{'index_stop'},
+			      $text{'index_stopdesc'});
+	}
+else {
+	print &ui_buttons_row("start.cgi", $text{'index_start'},
+			      $text{'index_startdesc'});
+	}
+
+# Enable at boot
+&foreign_require("init");
+my $atboot = &init::action_status($config{'init_name'}) == 2 ? 1 : 0;
+print &ui_buttons_row("bootup.cgi", $text{'index_bootup'},
+		      $text{'index_bootupdesc'},
+		      undef,
+		      &ui_yesno_radio("boot", $atboot));
+
+print &ui_buttons_end();
+
+&ui_print_footer("/", $text{'index'});

firewalld/lang/en

@@ -1 +1,25 @@
 index_title=FirewallD
+index_atboot=Enable firewall at boot time?
+index_bootup=Activate at boot
+index_bootupdesc=Change this option to control whether your firewall is activated at boot time or not.
+index_apply=Apply Configuration
+index_applydesc=Click this button to make the firewall configuration listed above active. Any firewall rules currently in effect will be flushed and replaced 
+index_restart=Apply Configuration
+index_restartdesc=Activate all the rules listed above for all zones.
+index_start=Start FirewallD
+index_startdesc=Start the FirewallD server and apply the rules listed above.
+index_stop=Stop FirewallD
+index_stopdesc=Shut down the FirewallD server and remove all the rules listed above.
+index_cerr=The FirewallD module cannot be used : $1
+index_zone=Show rules in zone:
+index_zoneok=Change
+index_type=Rule type
+index_port=Port or service
+index_proto=Protocol
+index_tservice=Service
+index_tport=Port
+index_padd=Add port rule.
+index_sadd=Add service rule.
+index_delete=Delete Selected Rules
+
+check_ecmd=The FirewallD control command $1 was not found on your system