YaST2 Developers Documentation: SuSEFirewall configuration

SuSEFirewall configuration

modules/PortRanges.ycp
Checking and manipulating port ranges (iptables).
  • Lukas Ocilka
  • $id$
  • Module for handling port ranges.

This module has an unstable interface.

Copyright 2004, Novell, Inc. All rights reserved.

Imports

  • PortAliases

Structures

Global Variables

Global Functions

Local Variables

Local Functions

local report_only_once -> list <string>

Variable for ReportOnlyOnce() function

local ReportOnlyOnce (string what_to_report) -> boolean

Reports an error, warning, or message only once by storing it in memory. This helper function avoids filling y2log with many copies of the very same message - 'foreach()' is a very powerful builtin.

Parameters:
what_to_report
Return value:
whether the message should be reported or not
Example

	string error = sformat("Port number %1 is invalid.", port_nr);
	if (ReportOnlyOnce(error)) y2error(error);
global max_port_number -> integer

Maximum port number; port numbers are in the interval 1-65535 inclusive. The very same value should appear in SuSEFirewall::max_port_number.

global IsPortRange (string check_this) -> boolean

Function returns whether the string parameter is a port range. Port ranges are defined by the syntax "min_port_number:max_port_number". A port range means that the minimum and maximum ports define the range that is in effect in the firewall. The ports defining the range are included in it. This function doesn't check whether the port range is valid or not.

Parameters:
check_this
Return value:
whether the checked string is a port range or not
Example

     IsPortRange("34:38")      -> true
     IsPortRange("0:38")       -> true
     IsPortRange("port-range") -> false
     IsPortRange("19-22")      -> false
See
IsValidPortRange()
global IsValidPortRange (string port_range) -> boolean

Checks whether the port range is valid.

Parameters:
port_range
Return value:
if it is valid
Example

     IsValidPortRange("54:135") -> true  // valid
     IsValidPortRange("135:54") -> false // reverse order
     IsValidPortRange("0:135")  -> false // cannot be from 0
     IsValidPortRange("135")    -> false // cannot be one number
     IsValidPortRange("54-135") -> false // wrong separator
See
IsPortRange()
global PortIsInPortranges (string port, list <string> port_ranges) -> boolean

Function returns whether the port name or port number is included in the list of port ranges. Port ranges must be defined as a string with the format "min_port_number:max_port_number".

Parameters:
port
port_ranges
Example

     PortIsInPortranges ("130",  ["100:150","10:30"]) -> true
     PortIsInPortranges ("30",   ["100:150","10:20"]) -> false
     PortIsInPortranges ("pop3", ["100:150","10:30"]) -> true
     PortIsInPortranges ("http", ["100:150","10:20"]) -> false
global DividePortsAndPortRanges (list <string> unsorted_ports, boolean with_aliases) -> map <string, list <string> >

Function divides a list of ports into a map of ports and port ranges. If with_aliases is 'true', it also returns ports with their port aliases. Port ranges are not affected by it.

Structure Returns

    $[
        "ports" : [ list of ports ],
        "port_ranges" : [ list of port ranges ],
    ]
Parameters:
unsorted_ports
with_aliases
Return value:
map <string, list <string> > of divided ports
global CreateNewPortRange (integer min_pr, integer max_pr) -> string

Function creates a port range from min and max params. Max must be bigger than min. If something is wrong, it returns an empty string.

Parameters:
min_pr
max_pr
Return value:
new port range
global RemovePortFromPortRanges (integer port_number, list <string> port_ranges) -> list <string>

Function removes port number from all port ranges. Port must be in its numeric form.

Parameters:
port_number
port_ranges
Return value:
list <string> of filtered port_ranges
Example

     RemovePortFromPortRanges(25, ["19:88", "152:160"]) -> ["19:24", "26:88", "152:160"]
See
PortAliases::GetPortNumber()
global FlattenServices (list <string> old_list, string protocol) -> list <string>

Function tries to flatten services into the minimal list. If ports are already mentioned inside port ranges, they are dropped.

Parameters:
old_list
protocol
Return value:
list <string> of flattened services and port ranges
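
The following Python sketch is an added example, not code from the YaST module. It mirrors the documented behaviour of IsPortRange(), IsValidPortRange(), PortIsInPortranges() (numeric ports only) and RemovePortFromPortRanges(), so the edge cases that matter when ranges end up in iptables rules are explicit. The function names, the rejection of "min == max" ranges, and the handling of a one-port remainder are assumptions.

```python
import re

MAX_PORT = 65535  # same value as max_port_number documented above
# ASCII digits only; fullmatch() also rejects a trailing newline that "$" would allow.
_RANGE_RE = re.compile(r"([0-9]+):([0-9]+)")

def is_port_range(s):
    """Syntax check only ("min:max"), like IsPortRange(); "0:38" still passes."""
    return _RANGE_RE.fullmatch(s) is not None

def parse_valid_range(s):
    """Return (lo, hi) for a valid range, else None."""
    m = _RANGE_RE.fullmatch(s)
    if not m:
        return None
    lo, hi = int(m.group(1)), int(m.group(2))
    # Valid: no port 0, no reversed order, nothing above MAX_PORT.
    # Assumption: lo == hi is rejected too (a single port is not a range).
    return (lo, hi) if 1 <= lo < hi <= MAX_PORT else None

def is_valid_port_range(s):
    """Semantic check, like IsValidPortRange()."""
    return parse_valid_range(s) is not None

def port_in_ranges(port, ranges):
    """Numeric ports only; alias lookup via PortAliases is out of scope here."""
    parsed = (parse_valid_range(r) for r in ranges)
    return any(r is not None and r[0] <= port <= r[1] for r in parsed)

def _emit(lo, hi):
    # Assumption: a one-port remainder is written as a plain port number,
    # because "135" alone is not a valid range.
    if lo > hi:
        return []
    return [str(lo)] if lo == hi else [f"{lo}:{hi}"]

def remove_port_from_ranges(port, ranges):
    """Split every range containing port; other entries are kept unchanged."""
    out = []
    for entry in ranges:
        r = parse_valid_range(entry)
        if r is None or not (r[0] <= port <= r[1]):
            out.append(entry)
        else:
            out += _emit(r[0], port - 1) + _emit(port + 1, r[1])
    return out
```

Removing a boundary port shrinks the range instead of splitting it, and removing the middle of a three-port range leaves two single ports, which is where a naive "min:port-1" / "port+1:max" split would otherwise produce invalid entries such as "19:19".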