PATH:
usr
/
bin
#!/usr/bin/python2 -Es # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # Jiri Popelka <jpopelka@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied=<value> Set log denied value Automatic Helpers Options --get-automatic-helpers Print the automatic helpers value --set-automatic-helpers=<value> Set automatic helpers value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone=<zone> Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface=<interface> Print name of the zone the interface is bound to [P] --get-zone-of-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone=<zone> Add a new zone [P only] --new-zone-from-file=<filename> [--name=<zone>] Add a new zone from file with optional name [P only] --delete-zone=<zone> Delete an existing zone [P only] --load-zone-defaults=<zone> Load zone default settings [P only] [Z] --zone=<zone> Use this zone to set or query options, else default zone Usable for options marked with [Z] --get-target Get the zone target [P only] [Z] --set-target=<target> Set the zone target [P only] [Z] --info-zone=<zone> Print information about a zone --path-zone=<zone> Print file path of a zone [P only] IPSet Options --get-ipset-types Print the supported ipset types --new-ipset=<ipset> --type=<ipset type> [--option=<key>[=<value>]].. Add a new ipset [P only] --new-ipset-from-file=<filename> [--name=<ipset>] Add a new ipset from file with optional name [P only] --delete-ipset=<ipset> Delete an existing ipset [P only] --load-ipset-defaults=<ipset> Load ipset default settings [P only] --info-ipset=<ipset> Print information about an ipset --path-ipset=<ipset> Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset=<ipset> --set-description=<description> Set new description to ipset [P only] --ipset=<ipset> --get-description Print description for ipset [P only] --ipset=<ipset> --set-short=<description> Set new short description to ipset [P only] --ipset=<ipset> --get-short Print short description for ipset [P only] --ipset=<ipset> --add-entry=<entry> Add a new entry to an ipset [P] --ipset=<ipset> --remove-entry=<entry> Remove an entry from an ipset [P] --ipset=<ipset> --query-entry=<entry> Return whether ipset has an entry [P] --ipset=<ipset> --get-entries List entries of an ipset [P] --ipset=<ipset> --add-entries-from-file=<entry> Add a new entries to an ipset [P] --ipset=<ipset> --remove-entries-from-file=<entry> Remove entries from an ipset [P] IcmpType Options --new-icmptype=<icmptype> Add a new icmptype [P only] --new-icmptype-from-file=<filename> [--name=<icmptype>] Add a new icmptype from file with optional name [P only] --delete-icmptype=<icmptype> Delete an existing icmptype [P only] --load-icmptype-defaults=<icmptype> Load icmptype default settings [P only] --info-icmptype=<icmptype> Print information about an icmptype --path-icmptype=<icmptype> Print file path of an icmptype [P only] --icmptype=<icmptype> --set-description=<description> Set new description to icmptype [P only] --icmptype=<icmptype> --get-description Print description for icmptype [P only] --icmptype=<icmptype> --set-short=<description> Set new short description to icmptype [P only] --icmptype=<icmptype> --get-short Print short description for icmptype [P only] --icmptype=<icmptype> --add-destination=<ipv> Enable destination for ipv in icmptype [P only] --icmptype=<icmptype> --remove-destination=<ipv> Disable destination for ipv in icmptype [P only] --icmptype=<icmptype> --query-destination=<ipv> Return whether destination ipv is enabled in icmptype [P only] --icmptype=<icmptype> --get-destinations List destinations in icmptype [P only] Service Options --new-service=<service> Add a new service [P only] --new-service-from-file=<filename> [--name=<service>] Add a new service from file with optional name [P only] --delete-service=<service> Delete an existing service [P only] --load-service-defaults=<service> Load icmptype default settings [P only] --info-service=<service> Print information about a service --path-service=<service> Print file path of a service [P only] --service=<service> --set-description=<description> Set new description to service [P only] --service=<service> --get-description Print description for service [P only] --service=<service> --set-short=<description> Set new short description to service [P only] --service=<service> --get-short Print short description for service [P only] --service=<service> --add-port=<portid>[-<portid>]/<protocol> Add a new port to service [P only] --service=<service> --remove-port=<portid>[-<portid>]/<protocol> Remove a port from service [P only] --service=<service> --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added for service [P only] --service=<service> --get-ports List ports of service [P only] --service=<service> --add-protocol=<protocol> Add a new protocol to service [P only] --service=<service> --remove-protocol=<protocol> Remove a protocol from service [P only] --service=<service> --query-protocol=<protocol> Return whether the protocol has been added for service [P only] --service=<service> --get-protocols List protocols of service [P only] --service=<service> --add-source-port=<portid>[-<portid>]/<protocol> Add a new source port to service [P only] --service=<service> --remove-source-port=<portid>[-<portid>]/<protocol> Remove a source port from service [P only] --service=<service> --query-source-port=<portid>[-<portid>]/<protocol> Return whether the source port has been added for service [P only] --service=<service> --get-source-ports List source ports of service [P only] --service=<service> --add-module=<module> Add a new module to service [P only] --service=<service> --remove-module=<module> Remove a module from service [P only] --service=<service> --query-module=<module> Return whether the module has been added for service [P only] --service=<service> --get-modules List modules of service [P only] --service=<service> --set-destination=<ipv>:<address>[/<mask>] Set destination for ipv to address in service [P only] --service=<service> --remove-destination=<ipv> Disable destination for ipv i service [P only] --service=<service> --query-destination=<ipv>:<address>[/<mask>] Return whether destination ipv is set for service [P only] --service=<service> --get-destinations List destinations in service [P only] Options to Adapt and Query Zones --list-all List everything added for or enabled in a zone [P] [Z] --list-services List services added for a zone [P] [Z] --timeout=<timeval> Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description=<description> Set new description to zone [P only] [Z] --get-description Print description for zone [P only] [Z] --set-short=<description> Set new short description to zone [P only] [Z] --get-short Print short description for zone [P only] [Z] --add-service=<service> Add a service for a zone [P] [Z] [T] --remove-service=<service> Remove a service from a zone [P] [Z] --query-service=<service> Return whether service has been added for a zone [P] [Z] --list-ports List ports added for a zone [P] [Z] --add-port=<portid>[-<portid>]/<protocol> Add the port for a zone [P] [Z] [T] --remove-port=<portid>[-<portid>]/<protocol> Remove the port from a zone [P] [Z] --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added for zone [P] [Z] --list-protocols List protocols added for a zone [P] [Z] --add-protocol=<protocol> Add the protocol for a zone [P] [Z] [T] --remove-protocol=<protocol> Remove the protocol from a zone [P] [Z] --query-protocol=<protocol> Return whether the protocol has been added for zone [P] [Z] --list-source-ports List source ports added for a zone [P] [Z] --add-source-port=<portid>[-<portid>]/<protocol> Add the source port for a zone [P] [Z] [T] --remove-source-port=<portid>[-<portid>]/<protocol> Remove the source port from a zone [P] [Z] --query-source-port=<portid>[-<portid>]/<protocol> Return whether the source port has been added for zone [P] [Z] --list-icmp-blocks List Internet ICMP type blocks added for a zone [P] [Z] --add-icmp-block=<icmptype> Add an ICMP block for a zone [P] [Z] [T] --remove-icmp-block=<icmptype> Remove the ICMP block from a zone [P] [Z] --query-icmp-block=<icmptype> Return whether an ICMP block has been added for a zone [P] [Z] --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --list-forward-ports List IPv4 forward ports added for a zone [P] [Z] --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Add the IPv4 forward port for a zone [P] [Z] [T] --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Remove the IPv4 forward port from a zone [P] [Z] --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Return whether the IPv4 forward port has been added for a zone [P] [Z] --add-masquerade Enable IPv4 masquerade for a zone [P] [Z] [T] --remove-masquerade Disable IPv4 masquerade for a zone [P] [Z] --query-masquerade Return whether IPv4 masquerading has been enabled for a zone [P] [Z] --list-rich-rules List rich language rules added for a zone [P] [Z] --add-rich-rule=<rule> Add rich language rule 'rule' for a zone [P] [Z] [T] --remove-rich-rule=<rule> Remove rich language rule 'rule' from a zone [P] [Z] --query-rich-rule=<rule> Return whether a rich language rule 'rule' has been added for a zone [P] [Z] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface=<interface> Bind the <interface> to a zone [P] [Z] --change-interface=<interface> Change zone the <interface> is bound to [P] [Z] --query-interface=<interface> Query whether <interface> is bound to a zone [P] [Z] --remove-interface=<interface> Remove binding of <interface> from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Bind the source to a zone [P] [Z] --change-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Change zone the source is bound to [Z] --query-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Query whether the source is bound to a zone [P] [Z] --remove-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Remove binding of the source from a zone [P] [Z] Helper Options --new-helper=<helper> --module=<module> [--family=<family>] Add a new helper [P only] --new-helper-from-file=<filename> [--name=<helper>] Add a new helper from file with optional name [P only] --delete-helper=<helper> Delete an existing helper [P only] --load-helper-defaults=<helper> Load helper default settings [P only] --info-helper=<helper> Print information about an helper --path-helper=<helper> Print file path of an helper [P only] --get-helpers Print predefined helpers --helper=<helper> --set-description=<description> Set new description to helper [P only] --helper=<helper> --get-description Print description for helper [P only] --helper=<helper> --set-short=<description> Set new short description to helper [P only] --helper=<helper> --get-short Print short description for helper [P only] --helper=<helper> --add-port=<portid>[-<portid>]/<protocol> Add a new port to helper [P only] --helper=<helper> --remove-port=<portid>[-<portid>]/<protocol> Remove a port from helper [P only] --helper=<helper> --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added for helper [P only] --helper=<helper> --get-ports List ports of helper [P only] --helper=<helper> --set-module=<module> Set module to helper [P only] --helper=<helper> --get-module Get module from helper [P only] --helper=<helper> --set-family={ipv4|ipv6|} Set family for helper [P only] --helper=<helper> --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb} <table> Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb} <table> <chain> Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb} <table> <chain> Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb} <table> <chain> Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb} <table> <chain> Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb} <table> <chain> Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} <arg>... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} <arg>... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} <arg>... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} <arg>... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} <arg>... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command=<command> Add the command to the whitelist [P] --remove-lockdown-whitelist-command=<command> Remove the command from the whitelist [P] --query-lockdown-whitelist-command=<command> Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context=<context> Add the context context to the whitelist [P] --remove-lockdown-whitelist-context=<context> Remove the context from the whitelist [P] --query-lockdown-whitelist-context=<context> Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid=<uid> Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid=<uid> Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid=<uid> Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user=<user> Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user=<user> Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user=<user> Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="<value>") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="<value>") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="<zone>") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="<iface>", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="<source>", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="<zone>") parser_group_standalone.add_argument("--info-service", metavar="<service>") parser_group_standalone.add_argument("--info-icmptype", metavar="<icmptype>") parser_group_standalone.add_argument("--info-ipset", metavar="<ipset>") parser_group_standalone.add_argument("--info-helper", metavar="<helper>") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--new-icmptype-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--load-icmptype-defaults", metavar="<icmptype>") parser_group_config.add_argument("--new-service", metavar="<service>") parser_group_config.add_argument("--new-service-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-service", metavar="<service>") parser_group_config.add_argument("--load-service-defaults", metavar="<service>") parser_group_config.add_argument("--new-zone", metavar="<zone>") parser_group_config.add_argument("--new-zone-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-zone", metavar="<zone>") parser_group_config.add_argument("--load-zone-defaults", metavar="<zone>") parser_group_config.add_argument("--new-ipset", metavar="<ipset>") parser_group_config.add_argument("--new-ipset-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-ipset", metavar="<ipset>") parser_group_config.add_argument("--load-ipset-defaults", metavar="<ipset>") parser_group_config.add_argument("--new-helper", metavar="<helper>") parser_group_config.add_argument("--new-helper-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-helper", metavar="<helper>") parser_group_config.add_argument("--load-helper-defaults", metavar="<helper>") parser_group_config.add_argument("--path-zone", metavar="<zone>") parser_group_config.add_argument("--path-service", metavar="<service>") parser_group_config.add_argument("--path-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--path-ipset", metavar="<ipset>") parser_group_config.add_argument("--path-helper", metavar="<helper>") parser.add_argument("--name", default="", metavar="<name>") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="<user>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="<user>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="<user>", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="<zone>") parser.add_argument("--timeout", default="0", metavar="<seconds>") parser_group_zone = parser.add_mutually_exclusive_group() parser_group_zone.add_argument("--add-interface", metavar="<iface>", action='append') parser_group_zone.add_argument("--remove-interface", metavar="<iface>", action='append') parser_group_zone.add_argument("--query-interface", metavar="<iface>", action='append') parser_group_zone.add_argument("--change-interface", "--change-zone", metavar="<iface>", action='append') parser_group_zone.add_argument("--list-interfaces", action="store_true") parser_group_zone.add_argument("--add-source", metavar="<source>", action='append') parser_group_zone.add_argument("--remove-source", metavar="<source>", action='append') parser_group_zone.add_argument("--query-source", metavar="<source>", action='append') parser_group_zone.add_argument("--change-source", metavar="<source>", action='append') parser_group_zone.add_argument("--list-sources", action="store_true") parser_group_zone.add_argument("--add-rich-rule", metavar="<rule>", action='append') parser_group_zone.add_argument("--remove-rich-rule", metavar="<rule>", action='append') parser_group_zone.add_argument("--query-rich-rule", metavar="<rule>", action='append') parser_group_zone.add_argument("--add-service", metavar="<service>", action='append') parser_group_zone.add_argument("--remove-service", metavar="<zone>", action='append') parser_group_zone.add_argument("--query-service", metavar="<zone>", action='append') parser_group_zone.add_argument("--add-port", metavar="<port>", action='append') parser_group_zone.add_argument("--remove-port", metavar="<port>", action='append') parser_group_zone.add_argument("--query-port", metavar="<port>", action='append') parser_group_zone.add_argument("--add-protocol", metavar="<protocol>", action='append') parser_group_zone.add_argument("--remove-protocol", metavar="<protocol>", action='append') parser_group_zone.add_argument("--query-protocol", metavar="<protocol>", action='append') parser_group_zone.add_argument("--add-source-port", metavar="<port>", action='append') parser_group_zone.add_argument("--remove-source-port", metavar="<port>", action='append') parser_group_zone.add_argument("--query-source-port", metavar="<port>", action='append') parser_group_zone.add_argument("--add-masquerade", action="store_true") parser_group_zone.add_argument("--remove-masquerade", action="store_true") parser_group_zone.add_argument("--query-masquerade", action="store_true") parser_group_zone.add_argument("--add-icmp-block", metavar="<icmptype>", action='append') parser_group_zone.add_argument("--remove-icmp-block", metavar="<icmptype>", action='append') parser_group_zone.add_argument("--query-icmp-block", metavar="<icmptype>", action='append') parser_group_zone.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--add-forward-port", metavar="<port>", action='append') parser_group_zone.add_argument("--remove-forward-port", metavar="<port>", action='append') parser_group_zone.add_argument("--query-forward-port", metavar="<port>", action='append') parser_group_zone.add_argument("--list-rich-rules", action="store_true") parser_group_zone.add_argument("--list-services", action="store_true") parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-protocols", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-source-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") parser_group_zone.add_argument("--get-target", action="store_true") parser_group_zone.add_argument("--set-target", metavar="<target>") parser.add_argument("--option", metavar="<key>[=<value>]", action='append') parser.add_argument("--type", metavar="<ipsettype>") parser.add_argument("--ipset", metavar="<ipset>") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--remove-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--query-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append') parser.add_argument("--icmptype", metavar="<icmptype>") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--remove-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--query-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="<service>") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="<module>", action='append') parser_service.add_argument("--remove-module", metavar="<module>", action='append') parser_service.add_argument("--query-module", metavar="<module>", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--set-destination", metavar="<destination>", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="<description>") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="<description>") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="<helper>") parser.add_argument("--family", metavar="<family>") parser.add_argument("--module", metavar="<module>") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="<module>") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="<module>") parser_helper.add_argument("--set-family", metavar="<family>|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "<table>")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain>")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join <args> into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not <args> args.append(joinArgs(aux_args[i+1:])) # add <args> as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.info_helper or \ a.get_helpers options_zone_action_action = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port options_zone_interfaces_sources = \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_adapt_query = \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.list_all or a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or\ options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and options_zone: cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } <args>") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb } <table> <chain>") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } <args>") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } <args>") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } <args>") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb } <table> <chain>") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success")
[+]
..
[-] pyzor-migrate
[edit]
[-] fgconsole
[edit]
[-] nl
[edit]
[-] pwd
[edit]
[-] libnetcfg
[edit]
[-] infokey
[edit]
[-] true
[edit]
[-] ps2ps
[edit]
[-] traceroute
[edit]
[-] atq
[edit]
[-] truncate
[edit]
[-] h2xs
[edit]
[-] pyzor
[edit]
[-] git-receive-pack
[edit]
[-] grub2-mkpasswd-pbkdf2
[edit]
[-] renice
[edit]
[-] js
[edit]
[-] xxd
[edit]
[-] dd
[edit]
[-] ea-php56-pear
[edit]
[-] nl-qdisc-add
[edit]
[-] splain
[edit]
[-] enchant
[edit]
[-] zlib_decompress
[edit]
[-] openal-info
[edit]
[-] fold
[edit]
[-] sftp
[edit]
[-] setterm
[edit]
[-] lchsh
[edit]
[-] tcumttest
[edit]
[-] nl-tctree-list
[edit]
[-] db_archive
[edit]
[-] awk
[edit]
[-] mkinitrd
[edit]
[-] gpgv2
[edit]
[-] nl-link-list
[edit]
[-] pathchk
[edit]
[-] ps2epsi
[edit]
[-] loginctl
[edit]
[-] netstat
[edit]
[-] psfstriptable
[edit]
[-] glib-genmarshal
[edit]
[-] db_checkpoint
[edit]
[-] ea-php74-pear
[edit]
[-] slabinfo
[edit]
[-] htpasswd
[edit]
[-] bunzip2
[edit]
[-] systemd-cat
[edit]
[-] systemd-sysv-convert
[edit]
[-] lsscsi
[edit]
[-] column
[edit]
[-] clear
[edit]
[-] instmodsh
[edit]
[-] mcdiff
[edit]
[-] dir
[edit]
[-] seq
[edit]
[-] systemd-ask-password
[edit]
[-] xsetpointer
[edit]
[-] c++filt
[edit]
[-] jetcli
[edit]
[-] node
[edit]
[-] memcached-tool
[edit]
[-] strings
[edit]
[-] chcon
[edit]
[-] dovecot-sysreport
[edit]
[-] xmodmap
[edit]
[-] krb5-config
[edit]
[-] sg_readcap
[edit]
[-] psfgettable
[edit]
[-] tty
[edit]
[-] zip
[edit]
[-] jetapi
[edit]
[-] unix-lpr.sh
[edit]
[-] tchmttest
[edit]
[-] strip
[edit]
[-] aserver
[edit]
[-] localedef
[edit]
[-] look
[edit]
[-] dracut
[edit]
[-] systemd-notify
[edit]
[-] dbus-uuidgen
[edit]
[-] mysql_tzinfo_to_sql
[edit]
[-] genl-ctrl-list
[edit]
[-] ipcs
[edit]
[-] db47_codegen
[edit]
[-] xsetroot
[edit]
[-] urlgrabber
[edit]
[-] newuidmap
[edit]
[-] xml2-config
[edit]
[-] basename
[edit]
[-] pod2man
[edit]
[-] nl-link-enslave
[edit]
[-] lz4_decompress
[edit]
[-] bdftruncate
[edit]
[-] newgrp
[edit]
[-] systemd-analyze
[edit]
[-] libpng-config
[edit]
[-] diff3
[edit]
[-] sg_inq
[edit]
[-] sprof
[edit]
[-] gml2gv
[edit]
[-] hexdump
[edit]
[-] switch_mod_lsapi
[edit]
[-] piconv
[edit]
[-] lesspipe.sh
[edit]
[-] taskset
[edit]
[-] machinectl
[edit]
[-] wmf2eps
[edit]
[-] su
[edit]
[-] view
[edit]
[-] whois
[edit]
[-] bdftogd
[edit]
[-] locale
[edit]
[-] npx
[edit]
[-] sandbox
[edit]
[-] cdda-player
[edit]
[-] ipcrm
[edit]
[-] preunzip
[edit]
[-] pwscore
[edit]
[-] ident
[edit]
[-] dpkg-divert
[edit]
[-] setmetamode
[edit]
[-] mailx
[edit]
[-] grub2-mkfont
[edit]
[-] myisampack
[edit]
[-] cpanp
[edit]
[-] repotrack
[edit]
[-] MagickCore-config
[edit]
[-] gd2copypal
[edit]
[-] printenv
[edit]
[-] cifsiostat
[edit]
[-] gtar
[edit]
[-] perlbug
[edit]
[-] glib-mkenums
[edit]
[-] bashbug-64
[edit]
[-] sg_read_long
[edit]
[-] mkfontdir
[edit]
[-] dumpkeys
[edit]
[-] ea-php72
[edit]
[-] ea-php70-pear
[edit]
[-] ispell
[edit]
[-] mysql_install_db
[edit]
[-] dotty
[edit]
[-] date
[edit]
[-] rvi
[edit]
[-] tracepath
[edit]
[-] infotocap
[edit]
[-] gs
[edit]
[-] pstruct
[edit]
[-] autotrace
[edit]
[-] co
[edit]
[-] MagickWand-config
[edit]
[-] gpgsplit
[edit]
[-] cpapi1
[edit]
[-] db_replicate
[edit]
[-] aulast
[edit]
[-] rm
[edit]
[-] xzfgrep
[edit]
[-] ps2pdf
[edit]
[-] bc
[edit]
[-] msgcat
[edit]
[-] odbc_config
[edit]
[-] sha256sum
[edit]
[-] db47_deadlock
[edit]
[-] autopoint
[edit]
[-] gsettings
[edit]
[-] zforce
[edit]
[-] vimdot
[edit]
[-] word-list-compress
[edit]
[-] chmem
[edit]
[-] mysqldumpslow
[edit]
[-] tcptraceroute
[edit]
[-] orc-bugreport
[edit]
[-] sg_reset
[edit]
[-] centrino-decode
[edit]
[-] dbus-monitor
[edit]
[-] wmf2svg
[edit]
[-] gcov
[edit]
[-] pldd
[edit]
[-] ndiff
[edit]
[-] watch
[edit]
[-] sg_unmap
[edit]
[-] nl-cls-list
[edit]
[-] setleds
[edit]
[-] mixartloader
[edit]
[-] replace
[edit]
[-] mysqlbinlog
[edit]
[-] cxpm
[edit]
[-] git-upload-pack
[edit]
[-] python2
[edit]
[-] giftogd2
[edit]
[-] ea-php56-pecl
[edit]
[-] auvirt
[edit]
[-] rpmkeys
[edit]
[-] stat
[edit]
[-] bzcmp
[edit]
[-] hb-ot-shape-closure
[edit]
[-] cpupower
[edit]
[-] h2ph
[edit]
[-] kill
[edit]
[-] prezip-bin
[edit]
[-] gdbus-codegen
[edit]
[-] nl-link-ifindex2name
[edit]
[-] sg_dd
[edit]
[-] nl-addr-delete
[edit]
[-] git
[edit]
[-] audit2why
[edit]
[-] hostnamectl
[edit]
[-] c2ph
[edit]
[-] vxloader
[edit]
[-] bzcat
[edit]
[-] msgconv
[edit]
[-] make
[edit]
[-] db47_archive
[edit]
[-] colrm
[edit]
[-] zless
[edit]
[-] glib-gettextize
[edit]
[-] ea-php56
[edit]
[-] sleep
[edit]
[-] xkill
[edit]
[-] zipcloak
[edit]
[-] jetapps
[edit]
[-] repoquery
[edit]
[-] imunify360-agent
[edit]
[-] pfbtopfa
[edit]
[-] nsupdate
[edit]
[-] ssh-copy-id
[edit]
[-] dbus-daemon
[edit]
[-] nl-list-caches
[edit]
[-] ea-php71-pear
[edit]
[-] xinput
[edit]
[-] secon
[edit]
[-] dbus-send
[edit]
[-] php
[edit]
[-] sg_write_buffer
[edit]
[-] pngtogd2
[edit]
[-] gcc-ranlib
[edit]
[-] tac
[edit]
[-] pk12util
[edit]
[-] myisam_ftdump
[edit]
[-] sed
[edit]
[-] chacl
[edit]
[-] fg
[edit]
[-] inotifywait
[edit]
[-] ccomps
[edit]
[-] gv2gml
[edit]
[-] yarn
[edit]
[-] tchtest
[edit]
[-] cairo-sphinx
[edit]
[-] mount
[edit]
[-] sg_raw
[edit]
[-] db_dump
[edit]
[-] HEAD
[edit]
[-] tcamgr
[edit]
[-] rlog
[edit]
[-] gsf-office-thumbnailer
[edit]
[-] echo
[edit]
[-] gpg-error-config
[edit]
[-] fipshmac
[edit]
[-] troff
[edit]
[-] ea-php74
[edit]
[-] tcatest
[edit]
[-] pango-list
[edit]
[-] myisamchk
[edit]
[-] grub2-editenv
[edit]
[-] lslogins
[edit]
[-] scsi_logging_level
[edit]
[-] atop
[edit]
[-] rview
[edit]
[-] xzcmp
[edit]
[-] sg_verify
[edit]
[-] gpg-agent
[edit]
[-] find2perl
[edit]
[-] cpio
[edit]
[-] whatis
[edit]
[-] bg
[edit]
[-] gpgv
[edit]
[-] dot2gxl
[edit]
[-] ipcmk
[edit]
[-] ifnames
[edit]
[-] podchecker
[edit]
[-] pod2html
[edit]
[-] nm-online
[edit]
[-] chmod
[edit]
[-] colcrt
[edit]
[-] yum-debug-dump
[edit]
[-] getopts
[edit]
[-] tcamttest
[edit]
[-] git-upload-archive
[edit]
[-] vlock
[edit]
[-] gvgen
[edit]
[-] db_tuner
[edit]
[-] envsubst
[edit]
[-] bison
[edit]
[-] unxz
[edit]
[-] openssl
[edit]
[-] mkfifo
[edit]
[-] sh
[edit]
[-] linux64
[edit]
[-] pkcs1-conv
[edit]
[-] tset
[edit]
[-] pygettext.py
[edit]
[-] ping6
[edit]
[-] gettext
[edit]
[-] cal
[edit]
[-] systemd-hwdb
[edit]
[-] mkfontscale
[edit]
[-] zegrep
[edit]
[-] net-snmp-create-v3-user
[edit]
[-] nano
[edit]
[-] gcc
[edit]
[-] lastb
[edit]
[-] xzdiff
[edit]
[-] lscpu
[edit]
[-] unzip
[edit]
[-] bzip2recover
[edit]
[-] nohup
[edit]
[-] yum-debug-restore
[edit]
[-] ea-php73-pecl
[edit]
[-] dbus-binding-tool
[edit]
[-] ssh
[edit]
[-] yum-config-manager
[edit]
[-] showkey
[edit]
[-] gneqn
[edit]
[-] sccmap
[edit]
[-] jobs
[edit]
[-] sg_rbuf
[edit]
[-] odbcinst
[edit]
[-] xzcat
[edit]
[-] h5perf_serial
[edit]
[-] dig
[edit]
[-] dwp
[edit]
[-] cd
[edit]
[-] rpmverify
[edit]
[-] scsi_readcap
[edit]
[-] post-grohtml
[edit]
[-] sg_turs
[edit]
[-] sg_emc_trespass
[edit]
[-] ranlib
[edit]
[-] funzip
[edit]
[-] memcached
[edit]
[-] teamdctl
[edit]
[-] xzgrep
[edit]
[-] cp
[edit]
[-] gzexe
[edit]
[-] compare
[edit]
[-] gdk-pixbuf-csource
[edit]
[-] msggrep
[edit]
[-] findmnt
[edit]
[-] ex
[edit]
[-] sendiso
[edit]
[-] last
[edit]
[-] xstdcmap
[edit]
[-] sort
[edit]
[-] alias
[edit]
[-] nl-fib-lookup
[edit]
[-] namei
[edit]
[-] unshare
[edit]
[-] usleep
[edit]
[-] gvmap
[edit]
[-] ld.gold
[edit]
[-] sasl2-sample-server
[edit]
[-] nmtui
[edit]
[-] grub2-kbdcomp
[edit]
[-] nail
[edit]
[-] dmesg
[edit]
[-] checkmodule
[edit]
[-] chrt
[edit]
[-] rpm2cpio
[edit]
[-] strace-log-merge
[edit]
[-] gxl2dot
[edit]
[-] trust
[edit]
[-] h5debug
[edit]
[-] mcookie
[edit]
[-] ul
[edit]
[-] gdtopng
[edit]
[-] tcucodec
[edit]
[-] db47_upgrade
[edit]
[-] easy_install
[edit]
[-] psfxtable
[edit]
[-] libtool
[edit]
[-] sum
[edit]
[-] cat
[edit]
[-] powernow-k8-decode
[edit]
[-] turbostat
[edit]
[-] pip-3
[edit]
[-] gdlib-config
[edit]
[-] run-parts
[edit]
[-] setfacl
[edit]
[-] bzmore
[edit]
[-] nslookup
[edit]
[-] gvpr
[edit]
[-] gobject-query
[edit]
[-] elfedit
[edit]
[-] sg_stpg
[edit]
[-] gprof
[edit]
[-] Mail
[edit]
[-] grub2-mkimage
[edit]
[-] od
[edit]
[-] sudoreplay
[edit]
[-] nl-link-release
[edit]
[-] mknod
[edit]
[-] pwdx
[edit]
[-] pngtogd
[edit]
[-] pr
[edit]
[-] unlink
[edit]
[-] whereis
[edit]
[-] more
[edit]
[-] imunify-service
[edit]
[-] gslp
[edit]
[-] sg_get_lba_status
[edit]
[-] db47_dump
[edit]
[-] peekfd
[edit]
[-] doveconf
[edit]
[-] nmcli
[edit]
[-] getconf
[edit]
[-] lastlog
[edit]
[-] zcmp
[edit]
[-] head
[edit]
[-] mandb
[edit]
[-] my_print_defaults
[edit]
[-] sfdp
[edit]
[-] users
[edit]
[-] msghack
[edit]
[-] xzegrep
[edit]
[-] imapsync
[edit]
[-] msgcomm
[edit]
[-] grub2-render-label
[edit]
[-] fc-cache
[edit]
[-] pynche
[edit]
[-] nl-neigh-add
[edit]
[-] gtbl
[edit]
[-] mkdir
[edit]
[-] dbilogstrip
[edit]
[-] tsort
[edit]
[-] db47_printlog
[edit]
[-] fc-pattern
[edit]
[-] ssh-add
[edit]
[-] icu-config
[edit]
[-] fallocate
[edit]
[-] false
[edit]
[-] xzdec
[edit]
[-] gd2togif
[edit]
[-] tmux
[edit]
[-] hunspell
[edit]
[-] make-dummy-cert
[edit]
[-] h5jam
[edit]
[-] sexp-conv
[edit]
[-] bzdiff
[edit]
[-] loadunimap
[edit]
[-] perl5.16.3
[edit]
[-] nf-ct-list
[edit]
[-] bashbug
[edit]
[-] mail
[edit]
[-] dbiproxy
[edit]
[-] nl-class-delete
[edit]
[-] ypdomainname
[edit]
[-] fc-conflist
[edit]
[-] nf-queue
[edit]
[-] pure-pwconvert
[edit]
[-] wmf2fig
[edit]
[-] gapplication
[edit]
[-] cpanp-run-perl
[edit]
[-] diff
[edit]
[-] cc
[edit]
[-] zfgrep
[edit]
[-] sg_copy_results
[edit]
[-] gr2fonttest
[edit]
[-] checkpolicy
[edit]
[-] db_hotbackup
[edit]
[-] batch
[edit]
[-] ps2pdf14
[edit]
[-] touch
[edit]
[-] tcfmttest
[edit]
[-] mysqladmin
[edit]
[-] setfont
[edit]
[-] pydoc3
[edit]
[-] mysql_plugin
[edit]
[-] wall
[edit]
[-] fc-list
[edit]
[-] db47_recover
[edit]
[-] md5sum
[edit]
[-] pstree.x11
[edit]
[-] systemd-delta
[edit]
[-] dbus-cleanup-sockets
[edit]
[-] soelim
[edit]
[-] nl-util-addr
[edit]
[-] hdsploader
[edit]
[-] montage
[edit]
[-] sg_vpd
[edit]
[-] catman
[edit]
[-] unflatten
[edit]
[-] tail
[edit]
[-] nl-class-add
[edit]
[-] tcbmttest
[edit]
[-] which
[edit]
[-] msgunfmt
[edit]
[-] ps2pdfwr
[edit]
[-] libgcrypt-config
[edit]
[-] pkaction
[edit]
[-] sg_map
[edit]
[-] comm
[edit]
[-] g++
[edit]
[-] autoupdate
[edit]
[-] tput
[edit]
[-] sim_client
[edit]
[-] firewall-cmd
[edit]
[-] mktemp
[edit]
[-] sha224sum
[edit]
[-] sgm_dd
[edit]
[-] libwmf-fontmap
[edit]
[-] tload
[edit]
[-] mv
[edit]
[-] msgen
[edit]
[-] pkla-check-authorization
[edit]
[-] elinks
[edit]
[-] lwp-request
[edit]
[-] qt-faststart
[edit]
[-] autotrace-config
[edit]
[-] mapscrn
[edit]
[-] crontab
[edit]
[-] sg_requests
[edit]
[-] sg_write_long
[edit]
[-] vimdiff
[edit]
[-] nproc
[edit]
[-] scl_source
[edit]
[-] audit2allow
[edit]
[-] xzmore
[edit]
[-] mm2gv
[edit]
[-] libpng15-config
[edit]
[-] lwp-download
[edit]
[-] pgawk
[edit]
[-] nroff
[edit]
[-] lsattr
[edit]
[-] ffprobe
[edit]
[-] gawk
[edit]
[-] xz
[edit]
[-] nsenter
[edit]
[-] sg_test_rwbuf
[edit]
[-] atopsar
[edit]
[-] ssh-keyscan
[edit]
[-] systemd-path
[edit]
[-] atrm
[edit]
[-] tclsh8.5
[edit]
[-] readelf
[edit]
[-] gsdj
[edit]
[-] tabs
[edit]
[-] mysqldump
[edit]
[-] fc-cache-64
[edit]
[-] snmpconf
[edit]
[-] pcre-config
[edit]
[-] pip-3.6
[edit]
[-] wait
[edit]
[-] timeout
[edit]
[-] lessecho
[edit]
[-] dvipdf
[edit]
[-] nl-link-stats
[edit]
[-] httxt2dbm
[edit]
[-] json_xs
[edit]
[-] gsbj
[edit]
[-] base64
[edit]
[-] ci
[edit]
[-] cd-read
[edit]
[-] cvtsudoers
[edit]
[-] ldd
[edit]
[-] paperconf
[edit]
[-] unshar
[edit]
[-] perlml
[edit]
[-] cl-linksafe-reconfigure
[edit]
[-] pinky
[edit]
[-] idle
[edit]
[-] firewall-offline-cmd
[edit]
[-] cd-paranoia
[edit]
[-] snice
[edit]
[-] flex
[edit]
[-] h5import
[edit]
[-] fc-query
[edit]
[-] autoconf
[edit]
[-] logresolve
[edit]
[-] alt-mysql-reconfigure
[edit]
[-] nl-neigh-delete
[edit]
[-] pf2afm
[edit]
[-] imunify-antivirus
[edit]
[-] ea-wappspector
[edit]
[-] gpg2
[edit]
[-] wmf2gd
[edit]
[-] setpriv
[edit]
[-] dijkstra
[edit]
[-] xsubpp
[edit]
[-] tred
[edit]
[-] ngettext
[edit]
[-] mysqlimport
[edit]
[-] uapi
[edit]
[-] mysql
[edit]
[-] nl-addr-add
[edit]
[-] groups
[edit]
[-] grub2-script-check
[edit]
[-] grub2-fstest
[edit]
[-] xrdb
[edit]
[-] gpg
[edit]
[-] scsi_temperature
[edit]
[-] iconv
[edit]
[-] domainname
[edit]
[-] corelist
[edit]
[-] numfmt
[edit]
[-] aspell
[edit]
[-] lslocks
[edit]
[-] setkeycodes
[edit]
[-] sg_reassign
[edit]
[-] cd-info
[edit]
[-] pinentry
[edit]
[-] systemd-inhibit
[edit]
[-] autom4te
[edit]
[-] jetmongo
[edit]
[-] nfsiostat-sysstat
[edit]
[-] patch
[edit]
[-] systemd-loginctl
[edit]
[-] imunify-agent-proxy
[edit]
[-] whoami
[edit]
[-] msgcmp
[edit]
[-] pkttyagent
[edit]
[-] m4
[edit]
[-] csslint-0.6
[edit]
[-] raw
[edit]
[-] cpp
[edit]
[-] grub2-mknetdir
[edit]
[-] sudoedit
[edit]
[-] link
[edit]
[-] cpan-mirrors
[edit]
[-] repo-graph
[edit]
[-] perlivp
[edit]
[-] pdf2ps
[edit]
[-] chattr
[edit]
[-] repoclosure
[edit]
[-] GET
[edit]
[-] dtrace
[edit]
[-] cksum
[edit]
[-] gcc-ar
[edit]
[-] gettextize
[edit]
[-] scl_enabled
[edit]
[-] quota
[edit]
[-] shred
[edit]
[-] sg_ident
[edit]
[-] import
[edit]
[-] lynx
[edit]
[-] wish8.5
[edit]
[-] reposync
[edit]
[-] expr
[edit]
[-] prtstat
[edit]
[-] ptaskset
[edit]
[-] at
[edit]
[-] resolve_stack_dump
[edit]
[-] nmtui-hostname
[edit]
[-] tbl
[edit]
[-] gdk-pixbuf-pixdata
[edit]
[-] mysqlcheck
[edit]
[-] ca-legacy
[edit]
[-] mysql_ssl_rsa_setup
[edit]
[-] alt-php-mysql-reconfigure.py
[edit]
[-] luac
[edit]
[-] autoscan
[edit]
[-] systemd-firstboot
[edit]
[-] nl-neigh-list
[edit]
[-] zipdetails
[edit]
[-] update-mime-database
[edit]
[-] scriptreplay
[edit]
[-] xsetmode
[edit]
[-] sudo
[edit]
[-] pphs
[edit]
[-] unzipsfx
[edit]
[-] x86_energy_perf_policy
[edit]
[-] fdp
[edit]
[-] whois.md
[edit]
[-] pod2text
[edit]
[-] glib-compile-schemas
[edit]
[-] chsh
[edit]
[-] tcbtest
[edit]
[-] h5repack
[edit]
[-] xgettext
[edit]
[-] chage
[edit]
[-] pmap
[edit]
[-] socat
[edit]
[-] sg_xcopy
[edit]
[-] teamd
[edit]
[-] pod2latex
[edit]
[-] c99
[edit]
[-] bind9-config
[edit]
[-] bzip2
[edit]
[-] zipnote
[edit]
[-] paste
[edit]
[-] ausyscall
[edit]
[-] signver
[edit]
[-] sg_get_config
[edit]
[-] podselect
[edit]
[-] ping
[edit]
[-] arpaname
[edit]
[-] getkeycodes
[edit]
[-] bond2team
[edit]
[-] x86_64
[edit]
[-] tapestat
[edit]
[-] wmf2x
[edit]
[-] xslt-config
[edit]
[-] composite
[edit]
[-] ptar
[edit]
[-] xgamma
[edit]
[-] display
[edit]
[-] pkg-config
[edit]
[-] join
[edit]
[-] sg_read_buffer
[edit]
[-] host
[edit]
[-] vi
[edit]
[-] x86_64-redhat-linux-g++
[edit]
[-] isql
[edit]
[-] neato
[edit]
[-] htop
[edit]
[-] pyvenv-3.6
[edit]
[-] db_verify
[edit]
[-] delv
[edit]
[-] ls
[edit]
[-] agentxtrap
[edit]
[-] uptime
[edit]
[-] c++
[edit]
[-] circo
[edit]
[-] gslj
[edit]
[-] readlink
[edit]
[-] filan
[edit]
[-] gc
[edit]
[-] rpcgen
[edit]
[-] h5ls
[edit]
[-] as
[edit]
[-] zipcmp
[edit]
[-] nf-exp-list
[edit]
[-] pidstat
[edit]
[-] twopi
[edit]
[-] linux-boot-prober
[edit]
[-] yes
[edit]
[-] igawk
[edit]
[-] vmstat
[edit]
[-] json_reformat
[edit]
[-] pydoc3.6
[edit]
[-] run-with-aspell
[edit]
[-] i386
[edit]
[-] makedb
[edit]
[-] setarch
[edit]
[-] prlimit
[edit]
[-] unexpand
[edit]
[-] s2p
[edit]
[-] mysql_config
[edit]
[-] dirname
[edit]
[-] objdump
[edit]
[-] gtester
[edit]
[-] atopconvert
[edit]
[-] tcttest
[edit]
[-] db_recover
[edit]
[-] sg_sync
[edit]
[-] pango-querymodules-64
[edit]
[-] dpkg-trigger
[edit]
[-] aulastlog
[edit]
[-] sha512sum
[edit]
[-] uname
[edit]
[-] kdumpctl
[edit]
[-] loadkeys
[edit]
[-] chfn
[edit]
[-] nping
[edit]
[-] ab
[edit]
[-] neqn
[edit]
[-] h5copy
[edit]
[-] sync
[edit]
[-] matdump
[edit]
[-] dgawk
[edit]
[-] killall
[edit]
[-] imunify360-command-wrapper
[edit]
[-] gtk-demo
[edit]
[-] nmtui-edit
[edit]
[-] sg_luns
[edit]
[-] page_owner_sort
[edit]
[-] manpath
[edit]
[-] cpapi2
[edit]
[-] mysql_upgrade
[edit]
[-] nl-pktloc-lookup
[edit]
[-] links
[edit]
[-] pinentry-curses
[edit]
[-] dnsdomainname
[edit]
[-] plesk_configure
[edit]
[-] sg_start
[edit]
[-] dpkg-deb
[edit]
[-] sg_map26
[edit]
[-] xrefresh
[edit]
[-] alt-php-mysql-reconfigure
[edit]
[-] pyzord
[edit]
[-] innochecksum
[edit]
[-] h5dump
[edit]
[-] glib-compile-resources
[edit]
[-] ea-php70-pecl
[edit]
[-] mesg
[edit]
[-] ziptorrent
[edit]
[-] lsns
[edit]
[-] sg_rmsn
[edit]
[-] setup-nsssysinit.sh
[edit]
[-] pdns_control
[edit]
[-] gunzip
[edit]
[-] verifytree
[edit]
[-] xmlcatalog
[edit]
[-] testgdbm
[edit]
[-] mmc-tool
[edit]
[-] grub2-mklayout
[edit]
[-] mysql_config_editor
[edit]
[-] hb-shape
[edit]
[-] db_load
[edit]
[-] pydoc
[edit]
[-] mysql_config-64
[edit]
[-] gpic
[edit]
[-] shuf
[edit]
[-] pip3
[edit]
[-] nl-qdisc-delete
[edit]
[-] gtester-report
[edit]
[-] ea-php73-pear
[edit]
[-] precat
[edit]
[-] nl-cls-add
[edit]
[-] ghostscript
[edit]
[-] printf
[edit]
[-] nf-monitor
[edit]
[-] atopd
[edit]
[-] sg_read_block_limits
[edit]
[-] grub2-mkrescue
[edit]
[-] sg_format
[edit]
[-] acyclic
[edit]
[-] pdf2dsc
[edit]
[-] certutil
[edit]
[-] msgexec
[edit]
[-] col
[edit]
[-] sgp_dd
[edit]
[-] objcopy
[edit]
[-] grub2-glue-efi
[edit]
[-] bcomps
[edit]
[-] sg_safte
[edit]
[-] ncurses5-config
[edit]
[-] x86_64-redhat-linux-gcc
[edit]
[-] sg
[edit]
[-] chgrp
[edit]
[-] expand
[edit]
[-] tctmttest
[edit]
[-] nmap
[edit]
[-] sg_sat_phy_event
[edit]
[-] dot
[edit]
[-] toe
[edit]
[-] scsi-rescan
[edit]
[-] iptables-xml
[edit]
[-] realpath
[edit]
[-] ea-php74-pecl
[edit]
[-] nl-list-sockets
[edit]
[-] perror
[edit]
[-] ptx
[edit]
[-] compile_et
[edit]
[-] ps2ascii
[edit]
[-] nc
[edit]
[-] nl-route-get
[edit]
[-] fipscheck
[edit]
[-] bzless
[edit]
[-] who
[edit]
[-] dbiprof
[edit]
[-] scsi_stop
[edit]
[-] nl-link-set
[edit]
[-] showrgb
[edit]
[-] sg_persist
[edit]
[-] db_stat
[edit]
[-] nl-monitor
[edit]
[-] dbus-run-session
[edit]
[-] update-ca-trust
[edit]
[-] eps2eps
[edit]
[-] wget
[edit]
[-] setup-nsssysinit
[edit]
[-] nl-addr-list
[edit]
[-] sg_compare_and_write
[edit]
[-] needs-restarting
[edit]
[-] gdparttopng
[edit]
[-] sessreg
[edit]
[-] scsi_mandat
[edit]
[-] a2p
[edit]
[-] json_verify
[edit]
[-] heif-thumbnailer
[edit]
[-] nss-policy-check
[edit]
[-] prezip
[edit]
[-] enchant-lsmod
[edit]
[-] mogrify
[edit]
[-] gtk-builder-convert
[edit]
[-] diffimg
[edit]
[-] flock
[edit]
[-] libwmf-config
[edit]
[-] zipgrep
[edit]
[-] idiag-socket-details
[edit]
[-] fc-validate
[edit]
[-] vim
[edit]
[-] gvmap.sh
[edit]
[-] unicode_start
[edit]
[-] mcedit
[edit]
[-] unalias
[edit]
[-] pkill
[edit]
[-] nm
[edit]
[-] geoipupdate
[edit]
[-] automake-1.13
[edit]
[-] os-prober
[edit]
[-] nisdomainname
[edit]
[-] nmtui-connect
[edit]
[-] convert
[edit]
[-] sg_rdac
[edit]
[-] uniq
[edit]
[-] yumdownloader
[edit]
[-] mc
[edit]
[-] POST
[edit]
[-] split
[edit]
[-] python2-config
[edit]
[-] grops
[edit]
[-] systemd-escape
[edit]
[-] icuinfo
[edit]
[-] config_data
[edit]
[-] sg_wr_mode
[edit]
[-] wc
[edit]
[-] identify
[edit]
[-] python3.6m
[edit]
[-] plymouth
[edit]
[-] mpstat
[edit]
[-] scsi_start
[edit]
[-] Wand-config
[edit]
[-] open
[edit]
[-] tic
[edit]
[-] sg_write_same
[edit]
[-] npm
[edit]
[-] grub2-syslinux2cfg
[edit]
[-] isc-config.sh
[edit]
[-] ncursesw5-config
[edit]
[-] lneato
[edit]
[-] sg_modes
[edit]
[-] sha1sum
[edit]
[-] dltest
[edit]
[-] unlz4
[edit]
[-] cmp
[edit]
[-] pstree
[edit]
[-] 2to3
[edit]
[-] pure-statsdecode
[edit]
[-] gpg-zip
[edit]
[-] h5stat
[edit]
[-] kernel-install
[edit]
[-] geoiplookup6
[edit]
[-] sg_logs
[edit]
[-] tailf
[edit]
[-] systemd-machine-id-setup
[edit]
[-] chardetect
[edit]
[-] umount
[edit]
[-] rvim
[edit]
[-] iostat
[edit]
[-] yarnpkg
[edit]
[-] geqn
[edit]
[-] python3.6
[edit]
[-] h5mkgrp
[edit]
[-] tcfmgr
[edit]
[-] ps
[edit]
[-] yum
[edit]
[-] uuclient
[edit]
[-] pchrt
[edit]
[-] zdiff
[edit]
[-] easy_install-2.7
[edit]
[-] kbdrate
[edit]
[-] groff
[edit]
[-] sg_sanitize
[edit]
[-] ffserver
[edit]
[-] systemd-tmpfiles
[edit]
[-] gtk-query-immodules-2.0-64
[edit]
[-] gvcolor
[edit]
[-] gpgparsemail
[edit]
[-] sg_referrals
[edit]
[-] gio
[edit]
[-] reset
[edit]
[-] write
[edit]
[-] scl
[edit]
[-] ndptool
[edit]
[-] ucs2any
[edit]
[-] gdk-pixbuf-query-loaders-64
[edit]
[-] ea-php70
[edit]
[-] lz4cat
[edit]
[-] c89
[edit]
[-] mdig
[edit]
[-] openvt
[edit]
[-] wish
[edit]
[-] dpkg-split
[edit]
[-] h5diff
[edit]
[-] sedismod
[edit]
[-] qemu-ga
[edit]
[-] ftp
[edit]
[-] heif-info
[edit]
[-] aec
[edit]
[-] lwp-dump
[edit]
[-] mysqlpump
[edit]
[-] gettext.sh
[edit]
[-] oldfind
[edit]
[-] lsipc
[edit]
[-] gif2h5
[edit]
[-] gdk-pixbuf-thumbnailer
[edit]
[-] nop
[edit]
[-] zipinfo
[edit]
[-] mysql_secure_installation
[edit]
[-] install
[edit]
[-] watchgnupg
[edit]
[-] factor
[edit]
[-] hostid
[edit]
[-] getopt
[edit]
[-] h52gif
[edit]
[-] busctl
[edit]
[-] info
[edit]
[-] libtoolize
[edit]
[-] stdbuf
[edit]
[-] systemd-coredumpctl
[edit]
[-] nf-exp-delete
[edit]
[-] newgidmap
[edit]
[-] strace
[edit]
[-] db_dump185
[edit]
[-] systemctl
[edit]
[-] id
[edit]
[-] sg_ses
[edit]
[-] grub2-menulst2cfg
[edit]
[-] xmllint
[edit]
[-] graphml2gv
[edit]
[-] uuidgen
[edit]
[-] update-gtk-immodules
[edit]
[-] pre-grohtml
[edit]
[-] sg_scan
[edit]
[-] tmpwatch
[edit]
[-] ncat
[edit]
[-] dircolors
[edit]
[-] zipmerge
[edit]
[-] freetype-config
[edit]
[-] gsoelim
[edit]
[-] gio-querymodules-64
[edit]
[-] recode-sr-latin
[edit]
[-] setvtrgb
[edit]
[-] top
[edit]
[-] rpm
[edit]
[-] scp
[edit]
[-] lesskey
[edit]
[-] rdate
[edit]
[-] sxpm
[edit]
[-] keyctl
[edit]
[-] fonttosfnt
[edit]
[-] prune
[edit]
[-] lwp-mirror
[edit]
[-] mcview
[edit]
[-] chvt
[edit]
[-] ptargrep
[edit]
[-] pflags
[edit]
[-] nl-link-name2ifindex
[edit]
[-] sar
[edit]
[-] pod2usage
[edit]
[-] semodule_package
[edit]
[-] cpapi3
[edit]
[-] grub2-file
[edit]
[-] cmsutil
[edit]
[-] git-shell
[edit]
[-] nettle-lfib-stream
[edit]
[-] gpg-error
[edit]
[-] gcc-nm
[edit]
[-] rpmquery
[edit]
[-] linux32
[edit]
[-] systemd-tty-ask-password-agent
[edit]
[-] nl-rule-list
[edit]
[-] scsi_satl
[edit]
[-] pftp
[edit]
[-] hostname
[edit]
[-] doveadm
[edit]
[-] vimtutor
[edit]
[-] sg_decode_sense
[edit]
[-] nf-log
[edit]
[-] ea-php72-pecl
[edit]
[-] python2.7
[edit]
[-] systemd-run
[edit]
[-] grub2-mkrelpath
[edit]
[-] captoinfo
[edit]
[-] deallocvt
[edit]
[-] x265
[edit]
[-] idn
[edit]
[-] skill
[edit]
[-] nl-route-delete
[edit]
[-] gpgconf
[edit]
[-] grep
[edit]
[-] isosize
[edit]
[-] udevadm
[edit]
[-] rcsmerge
[edit]
[-] python-config
[edit]
[-] curl
[edit]
[-] nf-exp-add
[edit]
[-] tee
[edit]
[-] aclocal-1.13
[edit]
[-] yum-builddep
[edit]
[-] timedatectl
[edit]
[-] less
[edit]
[-] cpan
[edit]
[-] dpkg
[edit]
[-] gsdj500
[edit]
[-] fc
[edit]
[-] ld.bfd
[edit]
[-] fribidi
[edit]
[-] rcs
[edit]
[-] infocmp
[edit]
[-] wdctl
[edit]
[-] db47_stat
[edit]
[-] ionice
[edit]
[-] zone2sql
[edit]
[-] systemd-nspawn
[edit]
[-] msgfmt.py
[edit]
[-] mysqlslap
[edit]
[-] db47_checkpoint
[edit]
[-] addr2line
[edit]
[-] gmake
[edit]
[-] htdigest
[edit]
[-] showconsolefont
[edit]
[-] preconv
[edit]
[-] nl-route-list
[edit]
[-] nl-qdisc-list
[edit]
[-] prove
[edit]
[-] df
[edit]
[-] jetbackup
[edit]
[-] journalctl
[edit]
[-] logger
[edit]
[-] pkla-admin-identities
[edit]
[-] rnano
[edit]
[-] perlthanks
[edit]
[-] berkeley_db47_svc
[edit]
[-] ea-php73
[edit]
[-] pwmake
[edit]
[-] slogin
[edit]
[-] gvpack
[edit]
[-] Magick-config
[edit]
[-] rsync
[edit]
[-] rsyslog-recover-qi.pl
[edit]
[-] gdbus
[edit]
[-] csplit
[edit]
[-] pic
[edit]
[-] arch
[edit]
[-] pip
[edit]
[-] msgattrib
[edit]
[-] iso-info
[edit]
[-] bzgrep
[edit]
[-] repo-rss
[edit]
[-] tcbmgr
[edit]
[-] find
[edit]
[-] apropos
[edit]
[-] ea-php71-pecl
[edit]
[-] apxs
[edit]
[-] python3
[edit]
[-] fc-cat
[edit]
[-] perl
[edit]
[-] ptardiff
[edit]
[-] testlibraw
[edit]
[-] h5repart
[edit]
[-] grotty
[edit]
[-] lsmem
[edit]
[-] cluster
[edit]
[-] systemd-cgls
[edit]
[-] msgmerge
[edit]
[-] sginfo
[edit]
[-] file
[edit]
[-] unicode_stop
[edit]
[-] procan
[edit]
[-] dpkg-maintscript-helper
[edit]
[-] sasl2-sample-client
[edit]
[-] kmod
[edit]
[-] heif-convert
[edit]
[-] gtroff
[edit]
[-] [
[edit]
[-] hmac256
[edit]
[-] dwz
[edit]
[-] patchwork
[edit]
[-] h5unjam
[edit]
[-] nl-route-add
[edit]
[-] ps2ps2
[edit]
[-] sg_sat_identify
[edit]
[-] nl-class-list
[edit]
[-] pl2pm
[edit]
[-] msginit
[edit]
[-] sg_opcodes
[edit]
[-] setsid
[edit]
[-] gm
[edit]
[-] telnet
[edit]
[-] mountpoint
[edit]
[-] webpng
[edit]
[-] annotate
[edit]
[-] slabtop
[edit]
[-] lz4
[edit]
[-] utmpdump
[edit]
[-] gencat
[edit]
[-] zipsplit
[edit]
[-] uudecode
[edit]
[-] db47_hotbackup
[edit]
[-] tctmgr
[edit]
[-] rpmdb
[edit]
[-] fgrep
[edit]
[-] nl-classid-lookup
[edit]
[-] ipcalc
[edit]
[-] show-installed
[edit]
[-] sedispol
[edit]
[-] stty
[edit]
[-] pip2
[edit]
[-] repomanage
[edit]
[-] db_upgrade
[edit]
[-] resolveip
[edit]
[-] sg_sat_set_features
[edit]
[-] icu-config-64
[edit]
[-] grub2-mkstandalone
[edit]
[-] systemd-detect-virt
[edit]
[-] debuginfo-install
[edit]
[-] cpan2dist
[edit]
[-] python
[edit]
[-] pango-view
[edit]
[-] crlutil
[edit]
[-] fc-scan
[edit]
[-] w
[edit]
[-] rmdir
[edit]
[-] stream
[edit]
[-] quotasync
[edit]
[-] xhost
[edit]
[-] myisamlog
[edit]
[-] msguniq
[edit]
[-] zone2json
[edit]
[-] whiptail
[edit]
[-] getent
[edit]
[-] dpkg-statoverride
[edit]
[-] db_deadlock
[edit]
[-] scsi_ready
[edit]
[-] sg_rtpg
[edit]
[-] pyvenv
[edit]
[-] bdftopcf
[edit]
[-] ar
[edit]
[-] msgfilter
[edit]
[-] passwd
[edit]
[-] spell
[edit]
[-] sadf
[edit]
[-] bootctl
[edit]
[-] ln
[edit]
[-] cut
[edit]
[-] ea-php71
[edit]
[-] catchsegv
[edit]
[-] gpasswd
[edit]
[-] nl-neightbl-list
[edit]
[-] env
[edit]
[-] named-rrchecker
[edit]
[-] dumpiso
[edit]
[-] getfacl
[edit]
[-] easy_install-3.6
[edit]
[-] smtpd.py
[edit]
[-] egrep
[edit]
[-] perldoc
[edit]
[-] shasum
[edit]
[-] db47_load
[edit]
[-] localectl
[edit]
[-] ssh-agent
[edit]
[-] dsync
[edit]
[-] lexgrog
[edit]
[-] db_printlog
[edit]
[-] uuencode
[edit]
[-] psfaddtable
[edit]
[-] flex++
[edit]
[-] pkcheck
[edit]
[-] automake
[edit]
[-] tzselect
[edit]
[-] traceroute6
[edit]
[-] ps2pdf13
[edit]
[-] lz4c
[edit]
[-] nettle-hash
[edit]
[-] sg_senddiag
[edit]
[-] kbd_mode
[edit]
[-] chown
[edit]
[-] pure-pw
[edit]
[-] ffplay
[edit]
[-] xset
[edit]
[-] iso-read
[edit]
[-] sg_prevent
[edit]
[-] dbus-test-tool
[edit]
[-] screen
[edit]
[-] ssltap
[edit]
[-] package-cleanup
[edit]
[-] tchmgr
[edit]
[-] command
[edit]
[-] bash
[edit]
[-] gtk-update-icon-cache
[edit]
[-] iusql
[edit]
[-] repodiff
[edit]
[-] systemd-stdio-bridge
[edit]
[-] size
[edit]
[-] sqlite3
[edit]
[-] find-repos-of-install
[edit]
[-] msgfmt
[edit]
[-] fmt
[edit]
[-] sg_read
[edit]
[-] x86_64-redhat-linux-c++
[edit]
[-] gd2topng
[edit]
[-] script
[edit]
[-] coredumpctl
[edit]
[-] cd-drive
[edit]
[-] systemd-cgtop
[edit]
[-] aclocal
[edit]
[-] man
[edit]
[-] ssh-keygen
[edit]
[-] python2.7-config
[edit]
[-] jetbackupapi
[edit]
[-] p11-kit
[edit]
[-] gnroff
[edit]
[-] Magick++-config
[edit]
[-] rev
[edit]
[-] rcsdiff
[edit]
[-] tracepath6
[edit]
[-] nice
[edit]
[-] heif-enc
[edit]
[-] lex
[edit]
[-] lsinitrd
[edit]
[-] xrandr
[edit]
[-] tr
[edit]
[-] xsltproc
[edit]
[-] imunify-fgw-dump
[edit]
[-] lprsetup.sh
[edit]
[-] logname
[edit]
[-] db47_verify
[edit]
[-] animate
[edit]
[-] show-changed-rco
[edit]
[-] sdiff
[edit]
[-] gdcmpgif
[edit]
[-] teamnl
[edit]
[-] dumpsexp
[edit]
[-] geoiplookup
[edit]
[-] zcat
[edit]
[-] modutil
[edit]
[-] gresource
[edit]
[-] xorg-x11-fonts-update-dirs
[edit]
[-] test
[edit]
[-] pip2.7
[edit]
[-] lefty
[edit]
[-] free
[edit]
[-] eject
[edit]
[-] ea-php72-pear
[edit]
[-] mysqld_pre_systemd
[edit]
[-] zgrep
[edit]
[-] autoheader
[edit]
[-] zmore
[edit]
[-] du
[edit]
[-] lchfn
[edit]
[-] xzless
[edit]
[-] tclsh
[edit]
[-] nl-cls-delete
[edit]
[-] gss-client
[edit]
[-] lua
[edit]
[-] tcftest
[edit]
[-] read
[edit]
[-] renew-dummy-cert
[edit]
[-] nf-ct-add
[edit]
[-] tar
[edit]
[-] inotifywatch
[edit]
[-] iceauth
[edit]
[-] tcutest
[edit]
[-] osage
[edit]
[-] dbus-update-activation-environment
[edit]
[-] autoreconf
[edit]
[-] openssl11
[edit]
[-] json_pp
[edit]
[-] sw-engine
[edit]
[-] fc-match
[edit]
[-] conjure
[edit]
[-] chcat
[edit]
[-] lsblk
[edit]
[-] resizecons
[edit]
[-] im360-k8s-syncer
[edit]
[-] runcon
[edit]
[-] sotruss
[edit]
[-] shar
[edit]
[-] dpkg-query
[edit]
[-] rcsclean
[edit]
[-] pdnsutil
[edit]
[-] dc
[edit]
[-] vdir
[edit]
[-] merge
[edit]
[-] pip3.6
[edit]
[-] znew
[edit]
[-] rename
[edit]
[-] sha384sum
[edit]
[-] gxl2gv
[edit]
[-] gzip
[edit]
[-] eqn
[edit]
[-] db_log_verify
[edit]
[-] login
[edit]
[-] gv2gxl
[edit]
[-] ffmpeg
[edit]
[-] mysqlshow
[edit]
[-] usx2yloader
[edit]
[-] gpg-connect-agent
[edit]
[-] printafm
[edit]
[-] htdbm
[edit]
[-] hb-view
[edit]
[-] umask
[edit]
[-] rcsfreeze
[edit]
[-] lsphp
[edit]
[-] kbdinfo
[edit]
[-] ps2pdf12
[edit]
[-] pgrep
[edit]
[-] pkexec
[edit]
[-] ld
[edit]
[-] rescan-scsi-bus.sh
[edit]
[-] gsnd
[edit]
[-] zsoelim
[edit]
[-] xmlwf
[edit]
[-] xargs
[edit]
[-] psed
[edit]
[-] yum-groups-manager
[edit]
[-] tmon
[edit]