VhJddlmZmZmZeZdZdZddlm Z ddl m Z ddl m Z mZ ddlmZddlmZGd d e ZGd d e ZGd de ZGdde ZGdde ZGdde ZGdde ZGdde ZGdde ZGdde ZGdde ZGdd e ZGd!d"e Zd#Z e!d$k(re y%y%#e$rYwxYw)&)absolute_importdivisionprint_functiona6 --- module: firewalld short_description: Manage arbitrary ports/services with firewalld description: - This module allows for addition or deletion of services and ports (either TCP or UDP) in either running or permanent firewalld rules. options: service: description: - Name of a service to add/remove to/from firewalld. - The service must be listed in output of C(firewall-cmd --get-services). type: str protocol: description: - Name of a protocol to add/remove to/from firewalld. type: str port: description: - Name of a port or port range to add/remove to/from firewalld. - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges. type: str port_forward: description: - Port and protocol to forward using firewalld. type: list elements: dict suboptions: port: type: str required: true description: - Source port to forward from. proto: type: str required: true description: - protocol to forward. choices: [udp, tcp] toport: type: str required: true description: - destination port. toaddr: type: str description: - Optional address to forward to. rich_rule: description: - Rich rule to add/remove to/from firewalld. - See L(Syntax for firewalld rich language rules,https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html). type: str source: description: - The source/network you would like to add/remove to/from firewalld. type: str interface: description: - The interface you would like to add/remove to/from a zone in firewalld. type: str icmp_block: description: - The ICMP block you would like to add/remove to/from a zone in firewalld. type: str icmp_block_inversion: description: - Enable/Disable inversion of ICMP blocks for a zone in firewalld. type: str zone: description: - The firewalld zone to add/remove to/from. - Note that the default zone can be configured per system but V(public) is default from upstream. - Available choices can be extended based on per-system configs, listed here are "out of the box" defaults. - Possible values include V(block), V(dmz), V(drop), V(external), V(home), V(internal), V(public), V(trusted), V(work). type: str permanent: description: - Whether to apply this change to the permanent firewalld configuration. - As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 0.3.9). - Note that if this is V(false), O(immediate=true) by default. type: bool default: false immediate: description: - Whether to apply this change to the runtime firewalld configuration. - Defaults to V(true) if O(permanent=false). type: bool default: false state: description: - Enable or disable a setting. - 'For ports: Should this port accept (V(enabled)) or reject (V(disabled)) connections.' - The states V(present) and V(absent) can only be used in zone level operations (i.e. when no other parameters but zone and state are set). type: str required: true choices: [ absent, disabled, enabled, present ] timeout: description: - The amount of time in seconds the rule should be in effect for when non-permanent. type: int default: 0 forward: description: - The forward setting you would like to enable/disable to/from zones within firewalld. - This option only is supported by firewalld v0.9.0 or later. type: str masquerade: description: - The masquerade setting you would like to enable/disable to/from zones within firewalld. type: str offline: description: - Ignores O(immediate) if O(permanent=true) and firewalld is not running. type: bool default: false target: description: - firewalld Zone target. - If O(state=absent), this will reset the target to default. choices: [ default, ACCEPT, DROP, "%%REJECT%%" ] type: str version_added: 1.2.0 notes: - Not tested on any Debian based system. - Requires the python2 bindings of firewalld, which may not be installed by default. - For distributions where the python2 firewalld bindings are unavailable (e.g Fedora 28 and later) you will have to set the ansible_python_interpreter for these hosts to the python3 interpreter path and install the python3 bindings. - Zone transactions (creating, deleting) can be performed by using only the zone and state parameters "present" or "absent". Note that zone transactions must explicitly be permanent. This is a limitation in firewalld. This also means that you will have to reload firewalld after adding a zone that you wish to perform immediate actions on. The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone. - This module needs C(python-firewall) or C(python3-firewall) on managed nodes. It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter. requirements: - firewalld >= 0.9.0 - python-firewall >= 0.9.0 author: - Adam Miller (@maxamillion) a - name: permanently enable https service, also enable it immediately if possible ansible.posix.firewalld: service: https state: enabled permanent: true immediate: true offline: true - name: permit traffic in default zone for https service ansible.posix.firewalld: service: https permanent: true state: enabled - name: permit ospf traffic ansible.posix.firewalld: protocol: ospf permanent: true state: enabled - name: do not permit traffic in default zone on port 8081/tcp ansible.posix.firewalld: port: 8081/tcp permanent: true state: disabled - ansible.posix.firewalld: port: 161-162/udp permanent: true state: enabled - ansible.posix.firewalld: zone: dmz service: http permanent: true state: enabled - ansible.posix.firewalld: rich_rule: rule service name="ftp" audit limit value="1/m" accept permanent: true state: enabled - ansible.posix.firewalld: source: 192.0.2.0/24 zone: internal state: enabled - ansible.posix.firewalld: zone: trusted interface: eth2 permanent: true state: enabled - ansible.posix.firewalld: forward: true state: enabled permanent: true zone: internal - ansible.posix.firewalld: masquerade: true state: enabled permanent: true zone: dmz - ansible.posix.firewalld: zone: custom state: present permanent: true - ansible.posix.firewalld: zone: drop state: enabled permanent: true icmp_block_inversion: true - ansible.posix.firewalld: zone: drop state: enabled permanent: true icmp_block: echo-request - ansible.posix.firewalld: zone: internal state: present permanent: true target: ACCEPT - name: Redirect port 443 to 8443 with Rich Rule ansible.posix.firewalld: rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443 zone: public permanent: true immediate: true state: enabled ) AnsibleModule)boolean)FirewallTransaction fw_offline) Rich_Rule)FirewallClientZoneSettingscHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) IcmpBlockTransactionz IcmpBlockTransaction c8tt| ||||||yN action_args desired_statezone permanent immediate)superr __init__selfmodulerrrrr __class__s k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/ansible/posix/plugins/modules/firewalld.pyrzIcmpBlockTransaction.__init__ s' "D2  =t_ht} 3 cP||jj|jvSN)fw getIcmpBlocksrr icmp_blocktimeouts rget_enabled_immediatez*IcmpBlockTransaction.get_enabled_immediates TWW22499===rcL|j\}}||jvSr)get_fw_zone_settingsr!rr#r$fw_zone fw_settingss rget_enabled_permanentz*IcmpBlockTransaction.get_enabled_permanents)#88:[66888rcR|jj|j||yr)r addIcmpBlockrr"s rset_enabled_immediatez*IcmpBlockTransaction.set_enabled_immediates TYY G9=6 76rr cHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) IcmpBlockInversionTransactionz' IcmpBlockInversionTransaction c8tt| ||||||yr)rr@rrs rrz&IcmpBlockInversionTransaction.__init__.s' +T;  =t_ht} < rcT|jj|jduryyNTF)r queryIcmpBlockInversionrrs rr%z3IcmpBlockInversionTransaction.get_enabled_immediate3s# 77 * *499 5 =rcP|j\}}|jduryyrC)r'getIcmpBlockInversionrr)r*s rr+z3IcmpBlockInversionTransaction.get_enabled_permanent9s,#88:  , , .$ 6rcN|jj|jyr)r addIcmpBlockInversionrrEs rr.z3IcmpBlockInversionTransaction.set_enabled_immediate@s %%dii0rcp|j\}}|jd|j||yNTr'setIcmpBlockInversionr0rHs rr1z3IcmpBlockInversionTransaction.set_enabled_permanentCs3#88:))$/ 5rcN|jj|jyr)r removeIcmpBlockInversionrrEs rr4z4IcmpBlockInversionTransaction.set_disabled_immediateHs ((3rcp|j\}}|jd|j||yNFrMrHs rr6z4IcmpBlockInversionTransaction.set_disabled_permanentKs3#88:))%0 5rr7r8r>s@rr@r@)s+  16 46rr@cHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) ServiceTransactionz ServiceTransaction c8tt| ||||||yr)rrTrrs rrzServiceTransaction.__init__Vs'  $0  =t_ht} 1 rcT||jj|jvryyrC)r getServicesrrservicer$s rr%z(ServiceTransaction.get_enabled_immediate[s# dgg))$))4 4rcP|j\}}||jvryyrC)r'rWrrYr$r)r*s rr+z(ServiceTransaction.get_enabled_permanentas,#88: k--/ /rcR|jj|j||yr)r addServicerrXs rr.z(ServiceTransaction.set_enabled_immediateis 499gw7rcp|j\}}|j||j||yr)r'r]r0r[s rr1z(ServiceTransaction.set_enabled_permanentls3#88:w' 5rcP|jj|j|yr)r removeServicerrXs rr4z)ServiceTransaction.set_disabled_immediateqs dii1rcp|j\}}|j||j||yr)r'r`r0r[s rr6z)ServiceTransaction.set_disabled_permanentts3#88:!!'* 5rr7r8r>s@rrTrTQs+  86 26rrTcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) ProtocolTransactionz ProtocolTransaction c8tt| ||||||yr)rrcrrs rrzProtocolTransaction.__init__' !41  =t_ht} 2 rcT||jj|jvryyrC)r getProtocolsrrprotocolr$s rr%z)ProtocolTransaction.get_enabled_immediates# tww++DII6 6rcP|j\}}||jvryyrC)r'rgrrir$r)r*s rr+z)ProtocolTransaction.get_enabled_permanents,#88: {//1 1rcR|jj|j||yr)r addProtocolrrhs rr.z)ProtocolTransaction.set_enabled_immediates DIIx9rcp|j\}}|j||j||yr)r'rmr0rks rr1z)ProtocolTransaction.set_enabled_permanents3#88:) 5rcP|jj|j|yr)r removeProtocolrrhs rr4z*ProtocolTransaction.set_disabled_immediates tyy(3rcp|j\}}|j||j||yr)r'rpr0rks rr6z*ProtocolTransaction.set_disabled_permanents3#88:""8, 5rr7r8r>s@rrcrczs+  :6 46rrccHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) ForwardTransactionz ForwardTransaction ctt| ||||||d|jz|_d|jz|_y)NrzAdded forward to zone %szRemoved forward from zone %s)rrsrr enabled_msg disabled_msgrs rrzForwardTransaction.__init__sK  $0  =t_ht} 1 6 A:TYYFrcT|jj|jduryyrC)r queryForwardrrEs rr%z(ForwardTransaction.get_enabled_immediates# 77   *d 2rcP|j\}}|jduryyrC)r'rxrHs rr+z(ForwardTransaction.get_enabled_permanents,#88:  # # % -rcN|jj|jyr)r addForwardrrEs rr.z(ForwardTransaction.set_enabled_immediates 499%rcp|j\}}|jd|j||yrLr' setForwardr0rHs rr1z(ForwardTransaction.set_enabled_permanents3#88:t$ 5rcN|jj|jyr)r removeForwardrrEs rr4z)ForwardTransaction.set_disabled_immediate dii(rcp|j\}}|jd|j||yrRr}rHs rr6z)ForwardTransaction.set_disabled_permanents3#88:u% 5rr7r8r>s@rrsrss,G &6 )6rrscHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) MasqueradeTransactionz MasqueradeTransaction ctt| ||||||d|jz|_d|jz|_y)NrzAdded masquerade to zone %szRemoved masquerade from zone %s)rrrrrurvrs rrzMasqueradeTransaction.__init__sK #T3  =t_ht} 4 9499D= IrcT|jj|jduryyrC)r queryMasqueraderrEs rr%z+MasqueradeTransaction.get_enabled_immediates# 77 " "499 - 5rcP|j\}}|jduryyrC)r' getMasqueraderHs rr+z+MasqueradeTransaction.get_enabled_permanents,#88:  $ $ &$ .rcN|jj|jyr)r addMasqueraderrEs rr.z+MasqueradeTransaction.set_enabled_immediaterrcp|j\}}|jd|j||yrLr' setMasquerader0rHs rr1z+MasqueradeTransaction.set_enabled_permanents3#88:!!$' 5rcN|jj|jyr)r removeMasqueraderrEs rr4z,MasqueradeTransaction.set_disabled_immediates   +rcp|j\}}|jd|j||yrRrrHs rr6z,MasqueradeTransaction.set_disabled_permanents3#88:!!%( 5rr7r8r>s@rrrs,J )6 ,6rrcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) PortTransactionz PortTransaction c8tt| ||||||yr)rrrrs rrzPortTransaction.__init__s& ot-  =t_ht} . rc|jr&|j\}}|j||S|jj|j||S)Nportri)rrri)r r' queryPortr rrrrir$dummyr*s rr%z%PortTransaction.get_enabled_immediatesR ??!%!:!:!< E;((dX(F Fww  diidX NNrcN|j\}}|j||S)Nr)r'rrs rr+z%PortTransaction.get_enabled_permanent s+!668{$$$$BBrcT|jj|j|||yr)r addPortrrrrir$s rr.z%PortTransaction.set_enabled_immediate s  47;rcr|j\}}|j|||j||yr)r'rr0rrrir$r)r*s rr1z%PortTransaction.set_enabled_permanents5#88:D(+ 5rcR|jj|j||yr)r removePortrrs rr4z&PortTransaction.set_disabled_immediates 499dH5rcr|j\}}|j|||j||yr)r'rr0rs rr6z&PortTransaction.set_disabled_permanents5#88:tX. 5rr7r8r>s@rrrs- O C<6 66rrcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) InterfaceTransactionz InterfaceTransaction ctt| ||||||d|jdd|j|_d|jdd|j|_y)NrzChanged r to zone Removed from zone )rrrrrrurvrs rrzInterfaceTransaction.__init__#sg "D2  =t_ht} 3   a $))-  a $))-rc|jr$|j\}}|j}n%|jj|j}||vryyrC)r r' getInterfacesr r)r interfacer)r*interface_lists rr%z*InterfaceTransaction.get_enabled_immediate.sP ??#'#<#<#> G[(668N!WW22499=N  &rcP|j\}}||jvryyrC)r'rrrr)r*s rr+z*InterfaceTransaction.get_enabled_permanent9s,#88:  113 3rcP|jj|j|yr)r changeZoneOfInterfacerrrs rr.z*InterfaceTransaction.set_enabled_immediateAs %%dii;rc|j\}}|jrg}|jjj D]G}|jjj |}||j vs7|j|It|dkDr6|jjdj|t|nt|dk(r|dj|jk7r|d}|jjj|}tt!|}|j#||jjj%||j&|j)||jjj%||j&y|jjj+|} | |jk7r| r[|jjj-| }|j/}|j#||j1||j)||j1|yy)Nz@ERROR: interface {0} is in {1} zone XML file, can only be in onemsgr)r'r r config get_zonesget_zone interfacesappendlenr fail_jsonformatnamerget_zone_configr listremoveInterfaceset_zone_configsettings addInterfacegetZoneOfInterface getZoneByName getSettingsupdate) rrr)r*iface_zone_objsr old_zone_objold_zone_configold_zone_settings old_zone_names rr1z*InterfaceTransaction.set_enabled_permanentDs#88: ?? O002 9#ww~~66t<  7 77#**<8 9 ?#a' %%Zaa!O,& _%*q/A/F/F$))/S.q1 "&''.."@"@"N$>tO?T$U!!11)<.. %..  $ $Y / GGNN * *7K4H4H I GGNN,?? JM ) #'77>>#3#A#A-#PL(4(@(@(B%%55i@ ''(9:((3{+*rcP|jj|j|yr)r rrrs rr4z+InterfaceTransaction.set_disabled_immediatels  95rcp|j\}}|j||j||yr)r'rr0rs rr6z+InterfaceTransaction.set_disabled_permanentos3#88:##I. 5rr7r8r>s@rrrs, - <&,P66rrcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) RichRuleTransactionz RichRuleTransaction c8tt| ||||||yr)rrrrs rrzRichRuleTransaction.__init__zrerc~tt|}||jj|jvryyN)rule_strTF)strr r getRichRulesrrruler$s rr%z)RichRuleTransaction.get_enabled_immediates49d+, 477'' 2 2rcz|j\}}tt|}||jvryyr)r'rr rrrr$r)r*s rr+z)RichRuleTransaction.get_enabled_permanents=#88:9d+, ;++- -rcR|jj|j||yr)r addRichRulerrs rr.z)RichRuleTransaction.set_enabled_immediates DIItW5rcp|j\}}|j||j||yr)r'rr0rs rr1z)RichRuleTransaction.set_enabled_permanents3#88:% 5rcP|jj|j|yr)r removeRichRulerrs rr4z*RichRuleTransaction.set_disabled_immediates tyy$/rcp|j\}}|j||j||yr)r'rr0rs rr6z*RichRuleTransaction.set_disabled_permanents3#88:""4( 5rr7r8r>s@rrrus+ 66 06rrcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) SourceTransactionz SourceTransaction ctt| ||||||d|jdd|j|_d|jdd|j|_y)NrzAdded rrrr)rrrrrrurvrs rrzSourceTransaction.__init__sg /  =t_ht} 0   a $))-  a $))-rcT||jj|jvryyrC)r getSourcesrrsources rr%z'SourceTransaction.get_enabled_immediates# TWW'' 2 2rcP|j\}}||jvryyrC)r'rrrr)r*s rr+z'SourceTransaction.get_enabled_permanents,#88: [++- -rcP|jj|j|yr)r addSourcerrs rr.z'SourceTransaction.set_enabled_immediates $))V,rcp|j\}}|j||j||yr)r'rr0rs rr1z'SourceTransaction.set_enabled_permanent3#88:f% 5rcP|jj|j|yr)r removeSourcerrs rr4z(SourceTransaction.set_disabled_immediates TYY/rcp|j\}}|j||j||yr)r'rr0rs rr6z(SourceTransaction.set_disabled_permanents3#88:  ( 5rr7r8r>s@rrrs+ - -6 06rrcLeZdZdZ d fd ZdZdZdZdZdZ dZ xZ S) ZoneTargetTransactionz ZoneTargetTransaction c tt| |||||||xsddg|xsddgd|jd|d|_d |jz|_d |_y) Npresentenabledabsentdisabledrrrrrenabled_valuesdisabled_valuesz Set zone z target to rzReset zone %s target to default~Zone operations must be permanent. Make sure you didn't set the 'permanent' flag to 'false' or the 'immediate' flag to 'true'.)rrrrrurvtx_not_permanent_error_msg rrrrrrrrrrs rrzZoneTargetTransaction.__init__s{ #T3  =t9)Ci-C+E*/E 4 GYY A(> YY+j'rcP|jj|jyNrrrrrtargets rr%z+ZoneTargetTransaction.get_enabled_immediate $"A"ABrcR|j\}}|j}||k(Sr)r' getTarget)rrr)r*current_targets rr+z+ZoneTargetTransaction.get_enabled_permanents.#88:$..0&()rcP|jj|jyrrrs rr.z+ZoneTargetTransaction.set_enabled_immediaterrcp|j\}}|j||j||yrr' setTargetr0rrr)r*s rr1z+ZoneTargetTransaction.set_enabled_permanentrrcP|jj|jyrrrs rr4z,ZoneTargetTransaction.set_disabled_immediaterrcp|j\}}|jd|j||y)Ndefaultr r s rr6z,ZoneTargetTransaction.set_disabled_permanents3#88:i( 5rNNNTFNNr8r>s@rrrs9KOW[j"C* C6 C6rrcLeZdZdZ d fd ZdZdZdZdZdZ dZ xZ S) ZoneTransactionz ZoneTransaction c tt| |||||||xsdg|xsdgd|jz|_d|jz|_d|_y)Nrrrz Added zone %szRemoved zone %sr)rrrrrurvrrs rrzZoneTransaction.__init__sp ot-  =t9)8i[+9z . ; + YY. YY+j'rcP|jj|jyrrrEs rr%z%ZoneTransaction.get_enabled_immediaterrc|jra|jjj}|Dcgc]1}|jjj |j 3}}nm|jjj }|Dcgc]:}|jjj|jd<}}|j|vScc}wcc}w)Nr) r r rrrr listZonesgetZone get_propertyr)rzonesz zone_namess rr+z%ZoneTransaction.get_enabled_permanents ??GGNN,,.ECHIa$''..11!499IJIGGNN$..0ETYZq$''..*2215BB6JZJZyyJ&& J[s 6C)?C.cP|jj|jyrrrEs rr.z%ZoneTransaction.set_enabled_immediate"rrc|jrC|jjj|jt j y|jjj|jt yr)r r rnew_zonerr raddZonerEs rr1z%ZoneTransaction.set_enabled_permanent%sR ?? GGNN # #DII/I/K/T/T U GGNN  $ $TYY0J0L MrcP|jj|jyrrrEs rr4z&ZoneTransaction.set_disabled_immediate+rrcL|jrU|jjj|j}|jjj |y|jjj |j}|jyr)r r rrr remove_zonerremove)rrzone_objs rr6z&ZoneTransaction.set_disabled_permanent.sd ??77>>**4995D GGNN & &t ,ww~~'55dii@H OO rrr8r>s@rrrs:KOW[j"C'CN CrrcHeZdZdZd fd ZdZdZdZdZdZ dZ xZ S) ForwardPortTransactionz ForwardPortTransaction c8tt| ||||||yr)rr'rrs rrzForwardPortTransaction.__init__<s' $d4  =t_ht} 5 rc|jr(|j\}}|j||||S|jj|j||||S)Nrrito_portto_addr)rrritoporttoaddr)r r'queryForwardPortr rrrprotor-r.r$rr*s rr%z,ForwardPortTransaction.get_enabled_immediateAs^ ??!%!:!:!< E;//TESYci/j jww''TYYTEZ`io'pprcR|j\}}|j||||S)Nr*)r'r/r0s rr+z,ForwardPortTransaction.get_enabled_permanentGs0!668{++v_e+ffrcX|jj|j|||||yr)r addForwardPortrrrr1r-r.r$s rr.z,ForwardPortTransaction.set_enabled_immediateKs" tyy$vvwOrcv|j\}}|j|||||j||yr)r'r4r0rrr1r-r.r$r)r*s rr1z,ForwardPortTransaction.set_enabled_permanentNs9#88:""4? 5rcV|jj|j||||yr)r removeForwardPortrr5s rr4z-ForwardPortTransaction.set_disabled_immediateSs  !!$))T5&&Ircv|j\}}|j|||||j||yr)r'r9r0r7s rr6z-ForwardPortTransaction.set_disabled_permanentVs9#88:%%dE66B 5rr7r8r>s@rr'r'7s/ q gP6 J6rr'cttd=idtddtddtddtddtddtd d d tdd tddtdddtddtdddtddgddtdddtddtddtddtdddtdgd !dtd"d"d#$gd%g&}|jd}|jd}|jd}|jd}|jd}|jd}|jd}|jd}tj||r|s|j d'(t rd}|s|sd}|rt r|j d)(d} g} |jd} |jd} |jd} |jd}|jd }|jd}|jd }|jd}d}|jdXd*|jdvr0|jdjjd*\}}nd}|s|j d+(nd}d,}d}|jdt|jdd-kDr|j d.(|jdd}d|vr|j d/(d0|vr|j d1(d2|vr|j d3(d4|vr|d4}d}t| | | |||||||||g rd}|r|d5vr||j d6(| Ft|| |f||||7}|j\} }| |z} | dur| jd8| d9|| _d} t| d}|d;k(|k(rd;nd<}t#|d=||||7}|j\} }| |z} | dur| jd>| d9|| Ft%|| |f||||7}|j\} }| |z} | dur| jd?| d9||Ft'|||f||||7}|j\} }| |z} | dur| jd@|d9||*t)||f||||7}|j\} }| |z} |Lt+||||f||||7}|j\} }| |z} | dur| jdA|d*|d9||yt-|t/|d|d0t/|d2||f||||7}|j\} }| |z} | dur,| jdBdC|ddD|d0dE|d2dF|d9||Ft1|||f||||7}|j\} }| |z} | dur| jdG|d9||*t3||f||||7}|j\} }| |z} |Dd} t|d}|d;k(|k(rd;nd<}t5|d=||||7}|j\} }| |z} |Dd} t|d}|d;k(|k(rd;nd<}t7|d=||||7}|j\} }| |z} |*t9||f||||7}|j\} }| |z} |sH|d5vrDt;|d=||||7}|j\} }| |z} | dur| jdJ|d9|t r| jdK|j=| dLj?| My#t$r|j!d:| zYwxYw#t$r|j!dH|zYpwxYw#t$r|j!dI|zYNwxYw)NNr#r)typeicmp_block_inversionrYrir port_forwardrdict)r<elements rich_rulerrboolF)r<rrrstateT)rrrr)r<requiredchoicesr$intrrforward masqueradeoffliner)rACCEPTDROPz %%REJECT%%)r<rE)r)r)rrr) r#r=rYrirr>rArrGrHrr) argument_specsupports_check_mode required_bymutually_exclusivez>offline cannot be enabled unless permanent changes are allowedrzhfirewall is not currently running, unable to perform immediate actions without a running firewall daemon/z(improper port format (missing protocol?)rz)Only one port forward supported at a timez'port must be specified for port forwardr1z0proto udp/tcp must be specified for port forwardr-z)toport must be specified for port forwardr.)rrzBabsent and present state can only be used in zone level operations)rrrrrzChanged icmp-block z to zThe value of the icmp_block_inversion option is "%s". The type of the option will be changed from string to boolean in a future release. To avoid unexpected behavior, please change the value to boolean.rrzChanged icmp-block-inversion zChanged service zChanged protocol z Changed port zChanged port_forward zport=z:proto=z:toport=z:toaddr=zChanged rich_rule zThe value of the forward option is "%s". The type of the option will be changed from string to boolean in a future release. To avoid unexpected behavior, please change the value to boolean.zThe value of the masquerade option is "%s". The type of the option will be changed from string to boolean in a future release. To avoid unexpected behavior, please change the value to boolean.z Changed zone z6(offline operation: only on-disk configs were altered)z, )changedr) rr?paramsr sanity_checkrr stripsplitranyr runrr TypeErrorwarnr@rTrcrrr'rrrrsrrr exit_jsonjoin)rrrrr$rrGrHrIrSmsgsr#r=rYrirArrrr port_protocolport_forward_toaddrr> modification transactiontransaction_msgsicmp_block_inversion_statusexpected_stateforward_statusmasquerade_statuss rmainrh\s  ' !%5!1 e$ u%  5!  6F;  & 5! 6 U# 6 ED:fg eQ/ & e$ '! "fe4# $U,WX% (!!  G 7FB k*IMM'*M k*ImmI&G k*ImmI&G|,JmmI&G$$V,   !a  b I Y ZH IG D|,J!==)?@mmI&G}}Z(H k*I ]]8 $F == D ]]8 $F D }}V( &--' '"(--"7"="="?"E"Ec"J D- M   !K  L L }}^$0 v}}^, - 1   !L  M}}^4Q7  %   !J  K , &   !S  T < '   !L  M | #".x"8 L J,gx|U^ w FF <=  )>>6>T  * #W-'  %0OO$5!!&& d? KK]S T'&*# t*12F*M ' (5 'AFa&agq3 (  %0OO$5!!&& d? KKCWYfg h(  '*'  %0OO$5!!&& d? KKg}M N) !7+'  %0OO$5!!&& d? KKxO P '  '  %0OO$5!!&& % }g6'  %0OO$5!!&& d? KK#]3]  , \&12L4I\(346I7T' %0OO$5!!&& d? KK%V,l7.C$X.0C%  ) "G,'  %0OO$5!!&& d? KK =Q R* " '  %0OO$5!!&& g$We4N (5 'An&TZd( (  %0OO$5!!&&  j ' D 9  (5 'AFW&W]g+ (  %0OO$5!!&& +  '  %0OO$5!!&&W M-BB% '  %0OO$5!!&& d? KK4G H LM W$))D/:w t KK\^rs t t` g KK\^ef g g. j KK\^hi j js6- ]? ^# _?^ ^ #___('_(__main__N)" __future__rrrr< __metaclass__ DOCUMENTATIONEXAMPLESansible.module_utils.basicr)ansible.module_utils.parsing.convert_boolr@ansible_collections.ansible.posix.plugins.module_utils.firewalldrr firewall.clientr r ImportErrorr r@rTrcrsrrrrrrrr'rhr9rRrrrss%A@ L \` D5=l ):6.6D%6$7%6P&6,&6R&6-&6R(6,(6V(6/(6V"6)"6JT6.T6n+6-+6\+6++6\,6/,6^4)4n"60"6J_;D  zF{   s CCC