pytest_mh.utils.firewall

Classes

Firewall(*args, **kwargs)

Configure host firewall.

Firewalld(*args, **kwargs)

Configure firewall using firewalld.

WindowsFirewall(*args, **kwargs)

Configure Windows Firewall.

class pytest_mh.utils.firewall.Firewall(*args, **kwargs)

Bases: MultihostUtility[MultihostHost]

Configure host firewall.

All changes are automatically reverted when a test is finished.

Find all MultihostUtility objects in the constructor.

abstract property inbound: FirewallInboundRules

Configure firewall inbound rules.

Returns:

Inbound rules manager.

Return type:

FirewallInboundRules

abstract property outbound: FirewallOutboundRules

Configure firewall outbound rules.

Returns:

Outbound rules manager.

Return type:

FirewalldOutboundRules

parse_port_spec(spec: int | tuple[int, Literal['tcp', 'udp']]) → tuple[int, Literal['tcp', 'udp']]

Parse port specification into (port, protocol) tuple.

Raises:

TypeError – When invalid type is given.

Returns:

(port, protocol) tuple.

Return type:

tuple[int, Literal["tcp", "udp"]]

parse_host_spec(host: str | MultihostHost | MultihostRole) → str

Parse host specification into hostname.

Raises:

ValueError – When invalid type is given.

Returns:

Hostname.

Return type:

str

class pytest_mh.utils.firewall.Firewalld(*args, **kwargs)

Bases: Firewall

Configure firewall using firewalld.

All changes are automatically reverted when a test is finished.

Parameters:

host (MultihostHost) – Remote host instance.

property inbound: FirewalldInboundRules

Configure firewall inbound rules.

Returns:

Inbound rules manager.

Return type:

FirewallInboundRules

property outbound: FirewalldOutboundRules

Configure firewall outbound rules.

Returns:

Outbound rules manager.

Return type:

FirewalldOutboundRules

add_policy(name: str, *, ingress: str | None = None, egress: str | None = None, priority: int | None = None, target: Literal['CONTINUE', 'ACCEPT', 'DROP', 'REJECT'] | None = None) → int

Add a new (permanent) policy.

Except for the name, all parameters are optional. When the priority is not provided, the next priority is assigned. When any of the other parameters is not provided, no value is assigned for it on the newly created policy and firewalld’s default applies.

Parameters:
  • name (str) – The policy name.

  • ingress (str | None, optional) – The ingress zone, not assigned if not provided.

  • egress (str | None, optional) – The egress zone, not assigned if not provided.

  • priority (int | None, optional) – Rule priority, defaults to the next priority.

  • target (Literal["CONTINUE", "ACCEPT", "DROP", "REJECT"] | None, optional) – Rule target, not assigned if not provided.

Returns:

Policy priority.

Return type:

int

remove_policy(name: str) → None

Remove a (permanent) policy.

Parameters:

name (str) – The name of the policy to be removed.

add_rich_rule(rule: str, policy: str | None = None, priority: int | None = None) → int

Add rich rule.

When a policy is specified, the rule is added to that policy; otherwise it is added to the default policy.

The “rule” parameter is the part of the rich rule that follows “rule priority=X”; that prefix is added automatically. That is:

$ firewall-cmd [--policy {policy}] --add-rich-rule rule priority={priority} {rule}

Parameters:
  • rule (str) – Firewalld rich rule.

  • policy (str | None, optional) – The policy to use.

  • priority (int | None, optional) – Rule priority, defaults to None (= auto-assign next value)

Returns:

Rule priority, to be used for rule removal.

Return type:

int

remove_rich_rule(priority: int, rule: str, policy: str | None = None) → None

Remove rich rule.

The “rule” parameter is the part of the rich rule that follows “rule priority=X”; that prefix is added automatically. That is:

$ firewall-cmd --remove-rich-rule rule priority="{priority}" {rule}

When a policy is specified, the rule is removed from that policy; otherwise it is removed from the default policy.

Parameters:
  • priority (int) – Rule priority

  • rule (str) – Firewalld rich rule.

  • policy (str | None, optional) – The policy to use.
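
The composition described for add_rich_rule and remove_rich_rule, as an added example that is not pytest-mh code: the hypothetical helpers `rich_rule_argv` and `RichRuleLedger` build the `firewall-cmd` argument vector from the documented template and replay removals with the stored priority. The counter used for auto-assigned priorities and the sample rule are assumptions constructed for illustration.

```python
import shlex

# firewalld accepts rich rule priorities in this range.
PRIORITY_MIN, PRIORITY_MAX = -32768, 32767
# Constructed sample: the rule text that follows "rule priority=X".
SAMPLE_RULE = 'family="ipv4" port port="389" protocol="tcp" reject'


def rich_rule_argv(action, rule, priority, policy=None):
    """Build the firewall-cmd argv for one rich rule (hypothetical helper)."""
    if action not in ("add", "remove"):
        raise ValueError(f"unknown action: {action!r}")
    if not PRIORITY_MIN <= priority <= PRIORITY_MAX:
        raise ValueError(f"priority out of range: {priority}")
    tokens = shlex.split(rule)  # raises ValueError on unbalanced quotes
    if not tokens:
        raise ValueError("empty rule")
    # The caller passes only the text after "rule priority=X"; passing the
    # full rule would duplicate the prefix in the final command.
    if tokens[0] == "rule" or any(t.startswith("priority=") for t in tokens):
        raise ValueError("pass only the part after 'rule priority=X'")
    argv = ["firewall-cmd"]
    if policy is not None:
        argv += ["--policy", policy]
    # The whole rule is ONE argv element, so no shell quoting is involved.
    argv += [f"--{action}-rich-rule", f"rule priority={priority} {rule}"]
    return argv


class RichRuleLedger:
    """Remember added rules so the matching removals can be replayed."""

    def __init__(self, first_priority=0):
        self._next = first_priority  # assumed auto-assign scheme: a counter
        self._added = []

    def add(self, rule, policy=None, priority=None):
        if priority is None:
            priority, self._next = self._next, self._next + 1
        argv = rich_rule_argv("add", rule, priority, policy)
        self._added.append((priority, rule, policy))
        return priority, argv

    def teardown(self):
        """Return removal commands, newest rule first, then forget them."""
        cmds = [rich_rule_argv("remove", r, p, pol)
                for p, r, pol in reversed(self._added)]
        self._added.clear()
        return cmds
```

Removal only matches when it repeats the same priority and rule text that were used on add, which is why the ledger stores both.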

class pytest_mh.utils.firewall.WindowsFirewall(*args, **kwargs)

Bases: Firewall

Configure Windows Firewall.

All changes are automatically reverted when a test is finished.

Parameters:

host (MultihostHost) – Remote host instance.

property inbound: WindowsFirewallInboundRules

Configure firewall inbound rules.

Returns:

Inbound rules manager.

Return type:

FirewallInboundRules

property outbound: WindowsFirewallOutboundRules

Configure firewall outbound rules.

Returns:

Outbound rules manager.

Return type:

FirewalldOutboundRules

add_rule(name: str, direction: Literal['inbound', 'outbound'], action: Literal['allow', 'block'], args: list[Any]) → str

Add firewall rule.

Final rule name is constructed as "mh/{direction}/block/{name}".

Parameters:
  • name (str) – Rule name.

  • direction (Literal["inbound", "outbound"]) – Direction

  • action (Literal["allow", "block"]) – Action.

  • args (list[Any]) – Additional arguments to New-NetFirewallRule command.

Raises:

ValueError – If invalid action is given.

Returns:

Final rule name.

Return type:

str

remove_rule(name: str) → None

Remove firewall rule.

Parameters:

name (str) – Complete rule name (e.g. mh/inbound/block/389)