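I'm trying to control firewalld via the Python dbus module.
I want to add an IP address to the trusted zone for both my current runtime and the permanent configuration.
Here is the documentation for the firewalld dbus interface:
http://manpages.ubuntu.com/manpages/wily/man5/firewalld.dbus.5.html
What works: runtime configuration
I can add it to the runtime configuration just fine with this: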
def trustIP(ip):
    ''' firewalld must already be running '''
    from dbus import SystemBus
    bus = SystemBus()
    runtimeProxy = bus.get_object('org.fedoraproject.FirewallD1',
                                  '/org/fedoraproject/FirewallD1')
    runtimeProxy.addSource('trusted', ip)
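Simple enough.
What doesn't work: permanent configuration
Adding it to the permanent configuration has proven more difficult. Here is what I have tried interactively so far: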
>>> from dbus import SystemBus
>>> bus = SystemBus()
# First I need to find out which object is for the trusted zone...
>>> config = bus.get_object('org.fedoraproject.FirewallD1',
'/org/fedoraproject/FirewallD1/config')
>>> config.getZoneByName('trusted')
dbus.ObjectPath('/org/fedoraproject/FirewallD1/config/zone/7')
>>> permanentProxy = bus.get_object('org.fedoraproject.FirewallD1',
'/org/fedoraproject/FirewallD1/config/zone/7')
# A quick check to make sure I have the right object:
>>> permanentProxy.getShort()
dbus.String(u'Trusted')
# Exactly what I expected, so move on and...
>>> permanentProxy.addSource('aaa.xxx.yyy.zzz') # Actual ip removed...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException:
org.freedesktop.DBus.Python.dbus.exceptions.DBusException:
dbus_to_python() takes exactly 1 argument (2 given)
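I also tried checking permanentProxy.getDescription(), which returned the description as it should, and then I tried permanentProxy.setDescription('test'), which failed with exactly the same stack trace as permanentProxy.addSource('aaa.xxx.yyy.zzz').
I would conclude that the bug is in the python dbus module, and assume that it somehow can't handle arguments correctly, except for the fact that runtimeProxy.addSource('trusted', ip) involves two arguments and works perfectly. config.getZoneByName('trusted') even has the same signature as permanentProxy.addSource('aaa.xxx.yyy.zzz'), just a single string, and it works fine.
So maybe there is something weird I'm missing? But I don't know what that would be...
More things I've tried without success
I considered the possibility that addSource should be called without the string argument, maybe it is curried somehow, so I tried this: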
>>> permanentProxy.addSource()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/slip/dbus/service.py", line 123, in reply_handler
result = method(self, *p, **k)
TypeError: addSource() takes at least 2 arguments (2 given)
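Now that's just weirder... I have a traceback inside another traceback insisting that I need to pass at least 2 arguments, but also saying that I gave it two arguments (I actually only gave it one, so how'd it come up with two anyway?)
I tried a few more things without success: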
>>> permanentProxy.addSource(dbus_interface='org.fedoraproject.FirewallD1.config.zone')
ERROR:dbus.connection:Unable to set arguments () according to signature u's': <type 'exceptions.TypeError'>: More items found in D-Bus signature than in Python arguments
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 641, in call_blocking
message.append(signature=signature, *args)
TypeError: More items found in D-Bus signature than in Python arguments
>>> permanentProxy.addSource('aaa.xxx.yyy.zzz', dbus_interface='org.fedoraproject.FirewallD1.config.zone')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException:
org.freedesktop.DBus.Python.dbus.exceptions.DBusException:
dbus_to_python() takes exactly 1 argument (2 given)
>>> from dbus import Interface
>>> Interface(permanentProxy, 'org.fedoraproject.FirewallD1.config.zone').addSource('aaa.xxx.yyy.zzz')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException:
org.freedesktop.DBus.Python.dbus.exceptions.DBusException:
dbus_to_python() takes exactly 1 argument (2 given)
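Argh!
This looks like a bug in dbus... somehow it initially resolves addSource incorrectly and thinks it takes fewer arguments, but if you give it fewer arguments like it seems to want, it passes that faulty check, and then it resolves it correctly and fails because your arguments don't match.
That's my theory, anyway. Does anybody see something I'm not seeing? Is there a way to work around this bug, if it is one? I.e. ... is there some sort of internal method I can use on dbus that will force it to call the correct method?
Answer 0 (score: 1)
The following works for me: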
>>> import dbus
>>> bus = dbus.SystemBus()
>>> config = bus.get_object('org.fedoraproject.FirewallD1',
... '/org/fedoraproject/FirewallD1/config')
>>> path = config.getZoneByName('trusted')
>>> zone = bus.get_object('org.fedoraproject.FirewallD1', path)
>>> zone.addSource('192.168.1.0/24')
At this point, if I look at /etc/firewalld/zones/trusted.xml, I can see that the source address has been added as expected:
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>Trusted</short>
<description>All network connections are accepted.</description>
<interface name="docker0"/>
<interface name="virbr0"/>
<source address="192.168.1.0/24"/>
</zone>
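...indicating that I have successfully changed the persistent configuration.
The above also works if I use the literal path in the second get_object call instead of the return value of config.getZoneByName.
For what it's worth, I'm running:
Update
You aren't seeing any of the newer stuff because you're using CentOS rather than Fedora. It looks like the easiest way to solve this particular task may be to use the firewall python module that ships with FirewallD. The following works on CentOS 7: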
>>> from firewall.client import *
>>> client = FirewallClient()
>>> zone = client.config().getZoneByName('public')
>>> settings = zone.getSettings()
>>> settings.addSource('192.168.1.0/24')
>>> zone.update(settings)
Another update
Browsing the source code of the firewall.client module, you can do this via direct dbus like so:
>>> zone = bus.get_object('org.fedoraproject.FirewallD1', path)
>>> settings = zone.getSettings()
>>> settings[11].append('192.168.20.0/24')
>>> zone.update(settings)
This also works fine under CentOS... but you would be much better off using the firewall module.
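The trusted zone has target ACCEPT, so whatever ends up in its sources list is let through unfiltered. The following is an added example, not code from the question or the answer: it validates a source and appends it at index 11 of the settings tuple only once before the update() call shown above. The prefix limits, the function names and the SAMPLE tuple are assumptions made for illustration.

```python
import ipaddress

SOURCES_INDEX = 11  # position of the sources list, as used in the answer above

# Constructed sample shaped like the first 12 fields of zone.getSettings()
SAMPLE = ("", "Trusted", "All network connections are accepted.", False,
          "ACCEPT", [], [], [], False, [], ["docker0", "virbr0"],
          ["192.168.1.0/24", "ipset:admins"])

def checked_network(source, min_prefix_v4=8, min_prefix_v6=32):
    """Parse an address/CIDR; refuse junk and networks too broad to trust.

    The prefix limits are assumptions of this example, not firewalld defaults.
    """
    net = ipaddress.ip_network(source, strict=False)  # ValueError on junk
    limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
    if net.prefixlen < limit:
        raise ValueError("%s is broader than /%d" % (net, limit))
    return net

def _is_same(existing, net):
    try:
        return ipaddress.ip_network(str(existing), strict=False) == net
    except ValueError:  # MAC address or ipset: entry, never equal to a network
        return False

def with_source(settings, source):
    """Return (new_settings_tuple, changed); the source is added at most once."""
    net = checked_network(source)
    settings = list(settings)
    sources = list(settings[SOURCES_INDEX])
    if any(_is_same(s, net) for s in sources):
        return tuple(settings), False
    settings[SOURCES_INDEX] = sources + [str(net)]
    return tuple(settings), True

def trust_permanently(source, zone_name="trusted"):
    """Apply with_source() to the permanent zone (needs firewalld and privileges)."""
    import dbus  # imported here so the helpers above run without dbus installed
    bus = dbus.SystemBus()
    config = bus.get_object('org.fedoraproject.FirewallD1',
                            '/org/fedoraproject/FirewallD1/config')
    zone = bus.get_object('org.fedoraproject.FirewallD1',
                          config.getZoneByName(zone_name))
    settings, changed = with_source(zone.getSettings(), source)
    if changed:
        zone.update(settings)
    return changed
```

Only trust_permanently() talks to D-Bus; with_source() can be exercised on SAMPLE without firewalld present.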