#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <[email protected]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from fw_config import _
from fw_functions import getPortID, getServiceName
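class _Service:
    """One firewall service definition.

    Holds the lookup key, the translated display name, the (port, proto)
    tuples the service needs, and optional metadata. Attributes are stored
    exactly as passed, except that ``modules`` and ``destination`` get a
    fresh container per instance when omitted.
    """

    def __init__(self, key, name, ports, description=None, modules=None,
                 destination=None, default=None):
        """
        :param key: short identifier such as "ssh"; matched by getByKey().
        :param name: translated display name; matched by getByName().
        :param ports: list of (port, protocol) tuples; getByPort() tests
            membership against this list.
        :param description: translated help text, or None.
        :param modules: list of module names to associate with the service
            (the service table uses nf_conntrack_* helper names); None
            means an empty list.
        :param destination: per-family destination address dict, e.g.
            {"ipv4": ..., "ipv6": ...}; None means an empty dict.
        :param default: list of profile names such as ["desktop"] or
            ["server"], or None. Presumably the profiles in which the
            service is on by default -- the consumer is not in this file.
        """
        self.key = key
        self.name = name
        self.ports = ports
        self.description = description
        # Build a new container per instance. The original signature used
        # ``modules=[]`` / ``destination={}`` literals, which are created once
        # at definition time and shared by every instance that relied on the
        # default -- mutating one service's list would have changed them all.
        self.modules = [] if modules is None else modules
        self.destination = {} if destination is None else destination
        self.default = default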
# Static table of the services this module knows about, in the order the
# lookup helpers below scan them (first match wins in getByKey/getByName/
# getByPort). Ports are given as (port, proto) tuples; note that the port
# is written inconsistently -- a string ("631"), an int (500, 5404, 11111)
# or None for the ipsec ah/esp entries, where presumably only the protocol
# is meaningful. getByPort() compensates by testing both the numeric and
# the string form.
service_list = [
_Service("ipp-client", _("Network Printing Client (IPP)"),
[ ("631", "udp"), ],
_("The Internet Printing Protocol (IPP) is used for "
"distributed printing. IPP (over udp) provides the ability to "
"get information about a printer (e.g. capability and status) "
"and to control printer jobs. If you plan to use a remote "
"network printer via cups, do not disable this option."),
default=["desktop"]),
_Service("ipp", _("Network Printing Server (IPP)"),
[ ("631", "tcp"), ("631", "udp"), ],
_("The Internet Printing Protocol (IPP) is used for "
"distributed printing. IPP (over tcp) provides the ability to "
"share printers over the network. Enable this option if you "
"plan to share printers via cups over the network.")),
# mDNS is the only entry with a destination: 224.0.0.251 / ff02::fb are
# the well-known mDNS multicast groups, so the rule can be restricted to
# that destination rather than all of udp/5353.
_Service("mdns", _("Multicast DNS (mDNS)"), [ ("5353", "udp"), ],
_("mDNS provides the ability to use DNS programming "
"interfaces, packet formats and operating semantics in a "
"small network without a conventional DNS server. If you plan "
"to use Avahi, do not disable this option."),
default=["desktop"],
destination={"ipv4": "224.0.0.251", "ipv6": "ff02::fb"}),
# ah/esp are IP protocols, not ports, hence the None port; udp/500 is IKE.
# Note the int 500 here versus the string ports used above.
_Service("ipsec", _("IPsec"), [ (None, "ah"), (None, "esp"),
(500, "udp"), ],
_("Internet Protocol Security (IPsec) incorporates security "
"for network transmissions directly into the Internet Protocol "
"(IP). IPsec provides methods for both encrypting data "
"and authentication for the host or network it sends to. If you "
"plan to use a vpnc server or FreeS/WAN, do not disable this "
"option."),
default=["desktop"]),
_Service("ssh", _("SSH"), [ ("22", "tcp"), ],
_("Secure Shell (SSH) is a protocol for logging into and "
"executing commands on remote machines. It provides secure "
"encrypted communications. If you plan on accessing your "
"machine remotely via SSH over a firewalled interface, enable "
"this option. You need the openssh-server package installed "
"for this option to be useful." ),
default=["server"]),
# Deliberately left disabled: the entry's own text explains that telnet
# is unencrypted and not recommended. Kept here only for reference.
# _Service("telnet", _("Telnet"), [ ("23", "tcp"), ],
# "Telnet is a protocol for logging into remote machines. It "
# "is unencrypted, and provides little security from network "
# "snooping attacks. Enabling telnet is not recommended. You need "
# "the telnet-server package installed for this option to be "
# "useful."),
_Service("http", _("WWW (HTTP)"), [ ("80", "tcp"), ],
_("HTTP is the protocol used to serve Web pages. If you plan to "
"make your Web server publicly available, enable this option. "
"This option is not required for viewing pages locally or "
"developing Web pages.")),
# modules= lists the conntrack helper that has to be loaded for the
# service's secondary connections (ftp data, tftp, amanda, netbios-ns)
# to be tracked; the module is only named here, not loaded by this file.
_Service("ftp", _("FTP"), [ ("21", "tcp"), ],
_("FTP is a protocol used for remote file transfer. If you plan "
"to make your FTP server publicly available, enable this "
"option. You need the vsftpd package installed for this option "
"to be useful."),
modules=[ "nf_conntrack_ftp", ]),
_Service("nfs", _("NFS4"), [ ("2049", "tcp"), ],
_("The NFS4 protocol is used to share files via TCP networking. "
"You will need to have the NFS tools installed "
"and properly configure your NFS server for this option to be "
"useful.")),
_Service("https", _("Secure WWW (HTTPS)"), [ ("443", "tcp"), ],
_("HTTPS is a modified HTTP used to serve Web pages when security "
"is important. Examples are sites that require logins like "
"stores or web mail. This option is not required for viewing "
"pages locally or developing Web pages. You need the httpd "
"package installed for this option to be useful.")),
_Service("smtp", _("Mail (SMTP)"), [ ("25", "tcp"), ],
_("This option allows incoming SMTP mail delivery. If you need "
"to allow "
"remote hosts to connect directly to your machine to deliver "
"mail, enable this option. You do not need to enable this if "
"you collect your mail from your ISP's server by POP3 or IMAP, "
"or if you use a tool such as fetchmail. Note that an "
"improperly configured SMTP server can allow remote machines "
"to use your server to send spam.")),
# samba-client opens only the NetBIOS name/datagram ports (137/138 udp);
# the full "samba" entry below adds 139/tcp and 445/tcp for file sharing.
_Service("samba-client", _("Samba Client"), [ ("137", "udp"),
("138", "udp"), ],
_("This option allows you to access Windows file and printer "
"sharing networks. You need the samba-client "
"package installed for this option to be useful."),
modules=[ "nf_conntrack_netbios_ns", ],
default=["desktop"]),
_Service("samba", _("Samba"), [ ("137", "udp"), ("138", "udp"),
("139", "tcp"), ("445", "tcp"), ],
_("This option allows you to access and participate in Windows "
"file and printer sharing networks. You need the samba "
"package installed for this option to be useful."),
modules=[ "nf_conntrack_netbios_ns", ]),
_Service("dns", _("DNS"), [ ("53", "tcp"), ("53", "udp"), ],
_("The Domain Name System (DNS) is used to provide and request "
"host and domain names. Enable this option, if you plan to "
"provide a domain name service (e.g. with bind).")),
_Service("imaps", _("IMAP over SSL"), [ ("993", "tcp"), ],
_("The Internet Message Access Protocol over SSL (IMAPs) allows "
"a local client to access email on a remote server in a secure "
"way. If you plan to provide a IMAP over SSL service (e.g. with "
"dovecot), enable this option.")),
_Service("pop3s", _("POP-3 over SSL"), [ ("995", "tcp"), ],
_("The Post Office Protocol version 3 (POP3) is a protocol to "
"retrieve email from a remote server over a TCP/IP "
"connection. Enable this option, if you plan to provide a POP3 "
"service (e.g. with dovecot).")),
_Service("radius", _("RADIUS"), [ ("1812", "udp"), ("1813", "udp"), ],
_("The Remote Authentication Dial In User Service (RADIUS) is a "
"protocol for user authentication over networks. It is mostly "
"used for modem, DSL or wireless user authentication. If you "
"plan to provide a RADIUS service (e.g. with freeradius), "
"enable this option.")),
_Service("openvpn", _("OpenVPN"), [ ("1194", "udp"), ],
_("OpenVPN is a virtual private network (VPN) solution. It is "
"used to create encrypted point-to-point tunnels between "
"computers. If you plan to provide a VPN service, enable this "
"option.")),
# NOTE(review): "in s simple way" below is a typo for "in a simple way";
# it is a translatable string, so fixing it also means updating the
# catalogs -- left as is here.
_Service("tftp", _("TFTP"), [ ("69", "udp"), ],
_("The Trivial File Transfer Protocol (TFTP) is a protocol used "
"to transfer files to and from a remote machine in s simple "
"way. It is normally used only for booting diskless "
"workstations and also to transfer data in the Preboot "
"eXecution Environment (PXE)."),
modules=[ "nf_conntrack_tftp", ]),
# tftp-client opens no port at all; it exists only to request the
# nf_conntrack_tftp helper.
_Service("tftp-client", _("TFTP Client"), [ ],
_("This option allows you to access Trivial File Transfer "
"Protocol (TFTP) servers. You need the tftp "
"package installed for this option to be useful."),
modules=[ "nf_conntrack_tftp", ]),
# The commented-out port groups are for components that were dropped
# before F-12 / RHEL-6 (see the inline notes); only corosync/openais,
# ricci and dlm remain active.
_Service("cluster-suite", _("Red Hat Cluster Suite"), [
# corosync/openais
(5404, "udp"), (5405, "udp"),
# rgmanager pre F-12, RHEL-6
#(41966, "tcp"), (41967, "tcp"), (41968, "tcp"), (41969, "tcp"),
# ricci
(11111, "tcp"),
# dlm
(21064, "tcp"),
# cssd pre F-12, RHEL-6
#(50006, "tcp"), (50008, "tcp"), (50009, "tcp"), (50007, "udp"),
],
_("This option allows you to use the Red Hat Cluster Suite. "
"Ports are opened for openais, ricci and dlm. You need the "
"Red Hat Cluster Suite installed for this option to be "
"useful.")),
_Service("amanda-client", _("Amanda Backup Client"), [ (10080, "udp"), ],
_("The Amanda backup client option allows you to connect to a "
"Amanda backup and archiving server. You need the "
"amanda-client package installed for this option to be "
"useful."),
modules=[ "nf_conntrack_amanda", ]),
_Service("bacula-client", _("Bacula Client"), [ (9102, "tcp"), ],
_("This option allows a Bacula server to connect to the local "
"machine to schedule backups. You need the bacula-client "
"package installed for this option to be useful.")),
_Service("bacula", _("Bacula"), [ (9101, "tcp"), (9102, "tcp"),
(9103, "tcp"), ],
_("Bacula is a network backup solution. Enable this option, if "
"you plan to provide Bacula backup, file and storage "
"services.")),
# Two libvirt entries: 16509/tcp (SASL-protected) and 16514/tcp (TLS).
# They are independent services here, so enabling one does not imply
# the other.
_Service("libvirt", _("Virtual Machine Management"), [ (16509, "tcp"), ],
_("Enable this option if you want to allow remote virtual "
"machine management with SASL authentication and encryption "
"(digest-md5 passwords or GSSAPI/Kerberos). The libvirtd "
"service is needed for this option to be useful.")),
_Service("libvirt-tls", _("Virtual Machine Management (TLS)"),
[ (16514, "tcp"), ],
_("Enable this option if you want to allow remote virtual "
"machine management with TLS encryption, x509 certificates "
"and optional SASL authentication. The libvirtd service is "
"needed for this option to be useful.")),
]
def getByKey(key):
    """Return the first entry of ``service_list`` whose ``key`` equals
    *key*, or None when no entry matches."""
    matches = (svc for svc in service_list if svc.key == key)
    return next(matches, None)
def getByName(name):
    """Return the first entry of ``service_list`` whose (translated)
    display ``name`` equals *name*, or None when no entry matches."""
    matches = (svc for svc in service_list if svc.name == name)
    return next(matches, None)
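def getByPort(port, proto):
    """Return the first service whose ``ports`` contain *port* / *proto*.

    ``service_list`` writes ports inconsistently (ints such as 500, strings
    such as "631"), so the lookup tests three forms of the caller's port
    against each service: the id returned by getPortID(), its str() form,
    and the name returned by getServiceName(). What those two helpers
    (from fw_functions) return for an unknown port is not visible here.

    :param port: port number or name as supplied by the caller.
    :param proto: protocol string such as "tcp" or "udp".
    :returns: the matching _Service, or None if nothing matches.
    """
    # Both lookups depend only on the arguments, so resolve them once
    # instead of once per service as the original loop did; ``port_id``
    # also avoids shadowing the builtin ``id``.
    port_id = getPortID(port)
    service_name = getServiceName(port, proto)
    candidates = (
        (port_id, proto),
        (str(port_id), proto),
        (service_name, proto),
    )
    for svc in service_list:
        if any(candidate in svc.ports for candidate in candidates):
            return svc
    return None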