Current File : //lib/python3.9/site-packages/firewall/core/io/__pycache__/policy.cpython-39.pyc
a

���g��@sgd�ZddlmZddlZddlZddlZddlmZddlm	Z	m
Z
mZmZm
Z
mZmZmZddlmZmZmZddlmZmZmZmZmZmZddlmZddlmZdd	lm Z dd
l!m"Z"dd�Z#d
d�Z$dd�Z%dd�Z&Gdd�de�Z'Gdd�de�Z(ddd�Z)ddd�Z*dS))�Policy�
policy_reader�
policy_writer�N)�config)�checkIP�checkIP6�checkUINT16�coalescePortRange�max_policy_name_len�portInPortRange�portStr�uniqify)�DEFAULT_POLICY_TARGET�POLICY_TARGETS�DEFAULT_POLICY_PRIORITY)�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator�
check_port�check_tcpudp�check_protocol)�rich)�log)�errors)�
FirewallErrorc	s�|dkr�n�|dkr�n�|dkr�|jr`|jjrJt�dt|j��d|_dSt��d�|j_dS�d|jj	vr�|jj	�
�d�nt�d�d��n<|dk�r|jr�|jjr�t�dt|j��d|_dSt��d�d	�|j_dSt�d�t
�d	�t�dd
��d	f}tt�fdd�|jj��}|D]b}t|d
|d
��r4t|jt��rb|jjn|jj}t�ttjd|d
�d	|f���qԐq4t|d
dd�|D��\}}|D]&}	t|	d
��d	f}
|jj�|
��q�|D]&}	t|	d
��d	f}
|jj�
|
��q�	n�|d	k�r�|j�r\|jj�rHt�dt|j��d|_dSt��d�|j_nBt�d��d|jjv�r�|jj�
�d�nt�d�d��	n2|dk�r<|j�r|jj�r�t�dt|j��d|_dSd}d�v�r��ddv�r��d}t�|�|j_n*d}d�v�r,d�d�d�}t�d|��n�|dk�r�|j�r�|jj�rtt�dt|j��d|_dSt� �d�|j_dS�d|jj!v�r�|jj!�
�d�nt�d�d��n|dk�r&|j�r|jj�r�t�dt|j��d|_dSt�"�d�|j_dSt�d�d��n�|dk�r�|j�rl|jj�r^t�dt|j��d|_dSt�#�|j_n|jj$�r�t�d�nd|j_$�nF|d k�r�d}
d!�v�r��d!}
d}d"�v�rĈd"}|j�r|jj�r�t�dt|j��d|_dSt�%�d�d	|
|�|j_dSt�d�t
�d	�|
�r8t|
�|�rbt&|��sbt'|��sbttj(d#|��t�dd
��d	t|
d
�t|�f}
|
|jj)v�r�|jj)�
|
�n6t�d$�d�d	|
�r�d%|
nd|�r�d&|nd��n�|d'k�rZ|j�r2|jj�rt�dt|j��d|_dSt�*�d�d	�|j_dSt�d�t
�d	�t�dd
��d	f}tt�fd(d�|jj+��}|D]b}t|d
|d
��r~t|jt��r�|jjn|jj}t�ttjd|d
�d	|f���qԐq~t|d
d)d�|D��\}}|D]&}	t|	d
��d	f}
|jj+�|
��q|D]&}	t|	d
��d	f}
|jj+�
|
��q.�nz|d*k�r|j�s�t�d+�d|_dS|jj,�r�t�d,t|j��dSd-}d}d.�v�r��d.}d}d/�v�rЈd/}d0�v�r�d0�-�d1v�r�d}t�.|||�|j_,�n�|d2v�r�|j�s,t�d3�d|_dS|jj/�rJt�d4�d|_dS|d5k�rbt�0�|j_/nh|d6k�r�d}d7�v�r��d7}t�1|�|j_/n8|d8k�r�t�2�|j_/n |d9k�rʈd:}t�3|�|j_/|jj/|_4�n�|d;k�	r�|j�s�t�d<�dS|jj�	rt�d=�dSd}d>�v�	rD�d>}|d?v�	rDt�d@�d|_dSd}dA�v�	r��dA}|�	rnt5|�dBk�	r�t�dC�d|_dSt�6||�|j_|jj|_4�n4|dDk�
r�|j�	s�t�d<�dS|jj�	r�t�d=�dSd}dE�v�
r�dE}t7|��
st�dF�d|_dSd}dA�v�
rJ�dA}|�
r6t5|�dBk�
rJt�dG�d|_dSd}dH�v�
r~�dH}t7|��
s~t�dI�d|_dSt�8|||�|j_|jj|_4�n6|dJk�
r�|j�
s�t�dK�dS|jj9�
r�t�dLt|j��d|_dSt�:�|j_9|jj9|_4n�|dMk�rld}d
}dN�v�rD�dN}|dOv�rDt�dP�dN�d|_dSdQ�v�rZt;�dQ�}tj<||dR�|_nh|dSk�r�|j4�s�t�dT�d|_dS|j4j=�r�t�dUt|j��d|_dS�d}t�>|�|j4_=nd-SdS)VN�short�description�servicez;Invalid rule: More than one element in rule '%s', ignoring.T�namez#Service '%s' already set, ignoring.�port�protocol�-cs|d�dkS�N�r ���x��attrsr$�;/usr/lib/python3.9/site-packages/firewall/core/io/policy.py�<lambda>E�z%common_startElement.<locals>.<lambda>rz'%s:%s' already in '%s'cSsg|]\}}|�qSr$r$��.0Z_portZ	_protocolr$r$r)�
<listcomp>Or+z'common_startElement.<locals>.<listcomp>�valuez$Protocol '%s' already set, ignoring.�
tcp-mss-clamp�pmtu)N�None�z	 (value='z)'z-Invalid rule: tcp-mss-clamp%s outside of rule�
icmp-blockz&icmp-block '%s' already set, ignoring.�	icmp-typez-Invalid rule: icmp-block '%s' outside of rule�
masqueradez!Masquerade already set, ignoring.�forward-port�to-port�to-addrz#to-addr '%s' is not a valid addressz-Forward port %s/%s%s%s already set, ignoring.z >%sz @%s�source-portcs|d�dkSr"r$r%r'r$r)r*�r+cSsg|]\}}|�qSr$r$r,r$r$r)r.�r+�destinationz)Invalid rule: Destination outside of rulez?Invalid rule: More than one destination in rule '%s', ignoring.F�address�ipset�invert�Zyes�true)�accept�reject�drop�markz$Invalid rule: Action outside of rulez"Invalid rule: More than one actionrArB�typerCrD�setrz!Invalid rule: Log outside of rulezInvalid rule: More than one log�level)ZemergZalertZcrit�error�warningZnotice�info�debugzInvalid rule: Invalid log level�prefix�z Invalid rule: Invalid log prefix�nflog�groupz'Invalid rule: Invalid nflog group valuez"Invalid rule: Invalid nflog prefix�
queue-sizez&Invalid rule: Invalid nflog queue-size�auditz#Invalid rule: Audit outside of rulez9Invalid rule: More than one audit in rule '%s', ignoring.�rule�family)Zipv4Zipv6z&Invalid rule: Rule family "%s" invalid�priority)rSrT�limitz4Invalid rule: Limit outside of action, log and auditz9Invalid rule: More than one limit in rule '%s', ignoring.)?�_rule�elementrrI�str�_rule_errorr�Rich_Service�item�services�append�	Rich_Portrrr�list�filter�portsr�
isinstancer�derived_from_zonerrrZALREADY_ENABLEDr	�remove�
Rich_Protocolr�	protocols�Rich_Tcp_Mss_Clamp�Rich_IcmpBlock�icmp_blocks�
Rich_IcmpType�Rich_Masquerader6�Rich_ForwardPortrr�INVALID_ADDR�
forward_ports�Rich_SourcePort�source_portsr;�lowerZRich_Destination�action�Rich_Accept�Rich_Reject�	Rich_Drop�	Rich_Mark�	_limit_ok�len�Rich_LogrZ
Rich_NFLogrQZ
Rich_Audit�int�	Rich_RulerUZ
Rich_Limit)�objrr(Znew_port_idZexisting_port_idsZport_id�_nameZadded_rangesZremoved_rangesZ_range�entry�_value�s�to_portZto_addrr>r<r=Z_typeZ_setrGrLrO�	thresholdrSrTr/r$r'r)�common_startElement!s���
�
�
�


��

�


��

��

�




�
�����

�
�
�



�


��
































�


�



�r�c
Cs�|dkr�|js�z|j��Wn8tyT}z t�d|t|j��WYd}~nTd}~00t|j�|jjvr�|jj	�
|j�|jj�
t|j��nt�dt|j��d|_d|_n|dvr�d|_dS)NrRz%s: %sz Rule '%s' already set, ignoring.F)rArBrCrDrrQ)rYrV�check�	ExceptionrrIrXr[�	rules_str�rulesr]rw)r|r�er$r$r)�common_endElement|s *�r�c	Cs�t|t�rdnd}|dkrXd|vrX|d}|D]$}||vr.ttjd�||j|���q.�nJ|dkr�|D]}t|d�t|d�qd�n|dkr�|D]}	t	|	�q��n�|d	k�rd
|v�r|d
}
|D]T}||
vr�ttj
d�||j|��}||�di��d
i�v�rt�
d�|��q�|�qĐn�|dk�r�|D]�}
t|
d�t|
d�|
d�st|
d�stttjd�||j|
���|
d�r�t|
d�|
d�r,t|
d��s,t|
d��s,ttjd�||j|
d����q,�n�|dk�r|D]}t|d�t|d��q�n�|dv�r�|D�]�}tj|d�}|j�r`d
|v�r`t|jtj��sXt|jtj��r`|d
}
|jj|
v�r�ttj
d�||j|jj��}|jj|�di��d
i�v�r�t�
d�|��n|�n�|j�r�|d
|jj}|j�r�|j|jv�r�ttj
d�||j|j|jj��}|�di��d
i��|jj�}|�rZ|j�rZ|j|jv�rZt�
d�|��n|�n>t|jtj��r|jj|dv�rttjd�||j|jj����qdS)NrZZoner\z){} '{}': '{}' not among existing servicesrarr#rfriZ	icmptypesz+{} '{}': '{}' not among existing ICMP typesZruntimeZicmptypes_unsupportedz{} (unsupported)rn��z-{} '{}': '{}' is missing to-port AND to-addr z,{} '{}': to-addr '{}' is not a valid addressrp)r��
rich_rules�Zrule_strz<{} '{}': rich rule family '{}' conflicts with icmp type '{}')rbrrrZINVALID_SERVICE�formatrrrrZINVALID_ICMPTYPE�getrZdebug1�INVALID_FORWARDrrrmrr{rWrhrjrSr;rZ)r|rr[�
all_config�all_io_objectsZobj_typeZexisting_servicesrr�protoZexisting_icmptypesZicmptype�ex�fwd_portrRZobj_richZictZict_unsupportedr$r$r)�common_check_config�s���
��

��

��


������
���r�cCs�|jrF|jdkrF|�d�|�di�|�|j�|�d�|�d�|jr�|jdkr�|�d�|�di�|�|j�|�d�|�d�t|j�D](}|�d�|�dd|i�|�d�q�t|j	�D]2}|�d�|�d|d	|d
d��|�d�q�t|j
�D]*}|�d�|�dd
|i�|�d��qt|j�D]*}|�d�|�dd|i�|�d��q>|j�r�|�d�|�di�|�d�t|j
�D]�}|�d�|d	|d
d�}|d�r�|ddk�r�|d|d<|d�r|ddk�r|d|d<|�d|�|�d��q�t|j�D]4}|�d�|�d|d	|d
d��|�d��q(|jD�]n}i}|j�r�|j|d<|jd	k�r�t|j�|d<|�d�|�d|�|�d�|j�r:i}|jj�r�|jj|d<|jj�r�|jj|d<|jj�r|jj|d<|jj�rd|d<|�d�|�d|�|�d�|j�r�i}|jj�r\|jj|d<|jj�rr|jj|d<|jj�r�d|d<|�d�|�d |�|�d�|j�r�d}	i}t|j�tjk�r�d}	|jj|d<�n�t|j�tjk�rd}	|jj|d<|jj |d<�nnt|j�tj!k�r2d}	|jj"|d
<�nHt|j�tj#k�rpd!}	|jj"�rz|jj"d"k�rz|jj"|d
<�n
t|j�tj$k�r�d}	n�t|j�tj%k�r�d}	|jj|d<n�t|j�tj&k�r�d#}	|jj|d<n�t|j�tj'k�r4d}	|jj|d<|jj |d<|jj(dk�r|jj(|d<|jj)dk�rz|jj)|d<nFt|j�tj*k�rdd}	|jj|d<|jj |d<nt+t,j-d$t|j���|�d�|�|	|�|�d�|j.�rt|j.�tj/k�r\i}|j.j0�r�|j.j0|d%<|j.j1�r�|j.j1|d&<|j.j2�r:|�d�|�d'|�|�d(�|�d)d
|j.j2j"i�|�d*�|�d'�n|�d�|�d'|�|�d�n�i}|j.j3�rv|j.j3|d+<|j.j0�r�|j.j0|d%<|j.j4�r�|j.j4|d,<|j.j2�r�|�d�|�d-|�|�d(�|�d)d
|j.j2j"i�|�d*�|�d-�n|�d�|�d-|�|�d�|j5�r�i}|j5j2�rz|�d�|�d.i�|�d(�|�d)d
|j5j2j"i�|�d*�|�d.�n|�d�|�d.|�|�d�|j6�r�d}
i}t|j6�tj7k�r�d/}
n|t|j6�tj8k�r�d0}
|j6j�r>|j6j|d1<nNt|j6�tj9k�rd2}
n6t|j6�tj:k�r,d3}
|j6j;|d4<nt.�<d5t|j6��|j6j2�r�|�d�|�|
|�|�d(�|�d)d
|j6j2j"i�|�d*�|�|
�n|�d�|�|
|�|�d�|�d�|�d�|�d��qddS)6Nr3�  r�
rrrrrr#)rr r r/r4r6r�r8r�r9r7r:rSrTrRr<�macr=�Truer>z    �sourcer;r0r1r5z"Unknown element '%s' in obj_writerrLrGrz
      rUz
    rOrPrNrQrArBrErCrDrFzUnknown action '%s')=r�ignorableWhitespace�startElementZ
characters�
endElementrr
r\�
simpleElementrarfrir6rnrpr�rSrTrXr��addrr�r=r>r;rWrErrZrr^rr rer/rgrkrhrjrlr��
to_addressrorrZINVALID_OBJECTrryrLrGrUrOr�rQrrrsrtrurvrFrI)r|�handlerrrr ZicmpZforwardr(rRrWrrr$r$r)�
common_writer�s�













�













�






�







�





�






�




r�csNeZdZdZdZeZdgZdddddd	gfd
dgfdd	gfd
ddgfdd	gfdd	gfddgfddd	gfdd	gffZgd�Z	dddgdgddgdgdgdddgddddgddgdddddddgdgdgdgd�Z
dd gd!d"gd#d ggd$�gd%�d&d'ggd(�d)gdgd*�	Z�fd+d,�Zd-d.�Z
�fd/d0�Z�fd1d2�Zd3d4�Z�fd5d6�Z�ZS)7ri���i�r)�versionr3)rr3)rr3)�targetr3r\r3ra)r3r3ri)r6Frn)r3r3r3r3r�rfrp)rTr�
ingress_zones�egress_zones)�_r!�/Nr�rrr r/rF)rr�policyrrr4r5r6r7rRr�r;r r:rrNrQrArBrCrDrU�ingress-zone�egress-zoner�rTr8r9rS)r<r�r>rSr=)r<r>r=rLrG)rOrLrPrE)	r�r7rRr�r;rrNrBr0cs�tt|���d|_d|_d|_t|_g|_g|_	g|_
g|_d|_d|_
g|_g|_g|_g|_d|_|j|_d|_g|_g|_dS�Nr3F)�superr�__init__r�rrrr�r\rarfri�icmp_block_inversionr6rnrpr�r��applied�priority_defaultrTrcr�r���self��	__class__r$r)r�s(zPolicy.__init__cCs�d|_d|_d|_t|_|jdd�=|jdd�=|jdd�=|jdd�=d|_	d|_
|jdd�=|jdd�=|j
dd�=|jdd�=d|_|j|_|jdd�=|jdd�=dSr�)r�rrrr�r\rarfrir�r6rnrpr�r�r�r�rTr�r�r�r$r$r)�cleanup-s$zPolicy.cleanupcs"|dkr|jSttt|�|�SdS)Nr�)r��getattrr�r�r�rr�r$r)�__getattr__AszPolicy.__getattr__csB|dkr,dd�|D�|_dd�|jD�|_ntt|��||�dS)Nr�cSsg|]}tj|d��qS)r�)rr{�r-r�r$r$r)r.Ir+z&Policy.__setattr__.<locals>.<listcomp>cSsg|]}t|��qSr$)rXr�r$r$r)r.Kr+)r�r�r�r�__setattr__)r�rr/r�r$r)r�GszPolicy.__setattr__c
	Cs�t|||||�|j|dvr2ttjd�|j���|dkr\|tvrXttjd�|j|����n�|dkr�||jvs�||j	ks�||j
kr�ttjd�|j||j
|j	|j����nH|dv�r�dd	gt|d�
��}|D]�}||vr�ttjd
�|j|���|dv�rtdd	g�t|�@�s.|dv�rDt|�t|g��rDttjd�|j|���|d	kr�|d
k�rnd|v�rnd	|dv�s�|dkr�d
|vr�d	|d
vr�ttjd�|j���qΐnL|dk�r�|�r�d|v�r�d	|dv�r�ttjd�|j���n�d
|v�r�d	|d
v�rttjd�|j���|d
D]r}|dk�r(�q||dv�rLttjd�|j|���|d�d�dk�r|d|j�rttjd�|j|����q�nb|dk�r|D�]p}tj|d�}|j�r�t|jtj��r�d|v�r�d	|dv�r�ttjd�|j���n�d
|v�rd	|d
v�r ttjd�|j���|d
D]r}|dk�r:�q(||dv�r^ttjd�|j|���|d�d�dk�r(|d|j�r(ttjd�|j|����q(�q�|j�r�t|jtj��r�d|v�rd	|dv�r�|jj�r�ttjd�|j���n�|d�r|jj�sttjd�|j���d|dv�r|dD]P}||dv�rVttjd�|j|���|d|j�r.ttjd�|j|����q.n�|j�r�t|jtj��r�d|v�r�|dD]^}|dv�r��q�||dv�r�ttjd�|j|���|d|j�r�ttjd�|j|����q��q�n�|dk�r�|D]�}	d|v�r d	|dv�r\|	d�r�ttjd�|j���n�|d�r |	d�s�ttjd�|j���d|dv�r |dD]P}||dv�r�ttjd�|j|���|d|j�r�ttjd�|j|����q��q dS) NZzonesz0Policy '{}': Can't have the same name as a zone.r�z#Policy '{}': '{}' is invalid targetrTz^Policy '{}': {} is invalid priority. Must be in range [{}, {}]. The following are reserved: {})r�r��ANY�HOSTz*Policy '{}': '{}' not among existing zones)r�r�zKPolicy '{}': '{}' may only contain one of: many regular zones, ANY, or HOSTr�r�zSPolicy '{}': 'HOST' can only appear in either ingress or egress zones, but not bothr6z;Policy '{}': 'masquerade' is invalid for egress zone 'HOST'z<Policy '{}': 'masquerade' is invalid for ingress zone 'HOST'z&Policy '{}': Zone '{}' does not exist.ZconfZFirewallBackendZnftablesz\Policy '{}': 'masquerade' cannot be used because ingress zone '{}' has assigned interfaces. r�r�zNPolicy '{}': A 'forward-port' with 'to-addr' is invalid for egress zone 'HOST'zPPolicy '{}': 'forward-port' requires 'to-addr' if egress zone is 'ANY' or a zonez[Policy '{}': 'forward-port' cannot be used because egress zone '{}' has assigned interfaceszZPolicy '{}': 'mark' action cannot be used because egress zone '{}' has assigned interfacesrnr�)r�rrrZ
NAME_CONFLICTr�r�INVALID_TARGET�priority_reserved�priority_max�priority_minZINVALID_PRIORITYr_�keysZINVALID_ZONErFr�Z
interfacesrr{rWrbrkrlr�r�rrrv)
r�rr[r�r�Zexisting_zones�zonerRr|r�r$r$r)�
_check_configOs:
����
�� ������
���
���
��
��
�

��
��
�

��

��

 


��

��zPolicy._check_configcs�tt|��|�|�d�r.ttjd�|���n�|�d�rLttjd�|���nl|�	d�dkrnttjd�|���nJd|vr�|d|�
d��}n|}t|�t�kr�ttjd�|t|�t����dS)Nr�z&Policy '{}': name can't start with '/'z$Policy '{}': name can't end with '/'r#z'Policy '{}': name has more than one '/'z)Policy '{}': name has {} chars, max is {})
r�r�
check_name�
startswithrr�INVALID_NAMEr��endswith�count�findrxr
)r�rZchecked_namer�r$r)r��s,
�
����zPolicy.check_name)�__name__�
__module__�__qualname__r�r�rr�r�ZIMPORT_EXPORT_STRUCTUREZADDITIONAL_ALNUM_CHARSZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRSr�r�r�r�r�r��
__classcell__r$r$r�r)r�s|���xrc@s$eZdZdd�Zdd�Zdd�ZdS)�policy_ContentHandlercCs"t�||�d|_d|_d|_dS)NF)rr�rVrYrw)r�r[r$r$r)r��szpolicy_ContentHandler.__init__cCst�|||�|jrdS|j�||�t|||�r6dS|dkr�d|vrR|d|j_d|vrjt|d�|j_d|vr�|d}|t	vr�t
tj|��|r�||j_
�n^|dkr�|d|jjvr�|jj�|d�nt�d|d��n|dk�r |d|jjv�r|jj�|d�nt�d	|d�n�|d
k�r�|j�sFt�d�d|_dS|jj�rlt�d
t|j��d|_dSd}d|v�r�|d��dv�r�d}d}}}d|v�r�|d}d|v�r�|d}d|v�r�|d}tj||||d�|j_dSt�d|�dSdS)Nr�r�rTr�r�rz(Ingress zone '%s' already set, ignoring.r�z'Egress zone '%s' already set, ignoring.r�z$Invalid rule: Source outside of ruleTz:Invalid rule: More than one source in rule '%s', ignoring.Fr>r?r<r�r=)r>zUnknown XML element '%s')rr�rYr[Zparser_check_element_attrsr�r�rzrTrrrr�r�r�r]rrIr�rVr�rXrqrZRich_Source)r�rr(r�r>r�r�r=r$r$r)r��sl



�
�



�
z"policy_ContentHandler.startElementcCst�||�t||�dS)N)rr�r�r�r$r$r)r�%sz policy_ContentHandler.endElementN)r�r�r�r�r�r�r$r$r$r)r��s@r�Fc
Cs t�}|�d�s ttjd|��|dd�|_|s>|�|j�||_||_|�	t
j�rZdnd|_|j|_
t|�}t��}|�|�d||f}t|d��n}t�d�}|�|�z|�|�Wn:tjy�}	z ttjd|	����WYd}	~	n
d}	~	00Wd�n1�s0Y~~|S)	Nz.xmlz'%s' is missing .xml suffix���FT�%s/%s�rbznot a valid policy file: %s)rr�rrr�rr��filename�pathr�r�
ETC_FIREWALLDZbuiltin�defaultr��saxZmake_parserZsetContentHandler�openZInputSourceZ
setByteStream�parseZSAXParseExceptionZINVALID_POLICYZgetException)
r�r�Z
no_check_namer�r��parserr�fr��msgr$r$r)r*s<
�


��:rc

Cs�|r|n|j}|jr$d||jf}nd||jf}tj�|�r�zt�|d|�Wn2ty�}zt�	d||�WYd}~n
d}~00tj�
|�}|�tj
�r�tj�|�s�tj�tj
�s�t�tj
d�t�|d�tj|ddd�}t|�}|��i}|j�r|jd	k�r|j|d
<|j|jk�r0t|j�|d<|j|d<|�d
|�|�d�t||�t|j�D]*}	|�d�|�dd|	i�|�d��qdt|j�D]*}	|�d�|�dd|	i�|�d��q�|�d
�|�d�|� �|�!�~dS)Nr�z	%s/%s.xmlz%s.oldzBackup of file '%s' failed: %si�ZwtzUTF-8)�mode�encodingr3r�rTr�r�r�r�r�rr�)"r�r�r�os�exists�shutil�copy2r�rrH�dirnamer�rr��mkdir�ior�rZ
startDocumentr�rTr�rXr�r�r�r�r
r�r�r�r�ZendDocument�close)
r�r��_pathrr��dirpathr�r�r(r�r$r$r)rGsN$







r)F)N)+�__all__Zxml.saxr�r�r�r�ZfirewallrZfirewall.functionsrrrr	r
rrr
Zfirewall.core.baserrrZfirewall.core.io.io_objectrrrrrrZ
firewall.corerZfirewall.core.loggerrrZfirewall.errorsrr�r�r�r�rr�rrr$r$r$r)�<module>s2(
 ]TwL