24ed341
commit 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9
24ed341
Author: Thomas Woerner <twoerner@redhat.com>
24ed341
Date:   Wed Feb 15 11:11:40 2017 +0100
24ed341
24ed341
    firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
24ed341
    
24ed341
    This breaks the ipset overloading from /etc/firewalld/ipsets.
24ed341
    Fixes: #206
24ed341
24ed341
diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py
24ed341
index bbbc8eb..952d122 100644
24ed341
--- a/src/firewall/core/fw_ipset.py
24ed341
+++ b/src/firewall/core/fw_ipset.py
24ed341
@@ -55,10 +55,11 @@ class FirewallIPSet(object):
24ed341
     def has_ipsets(self):
24ed341
         return len(self._ipsets) > 0
24ed341
 
24ed341
-    def get_ipset(self, name):
24ed341
+    def get_ipset(self, name, applied=False):
24ed341
         self.check_ipset(name)
24ed341
         obj = self._ipsets[name]
24ed341
-        self.check_applied_obj(obj)
24ed341
+        if applied:
24ed341
+            self.check_applied_obj(obj)
24ed341
         return obj
24ed341
 
24ed341
     def _error2warning(self, f, name, *args):
24ed341
@@ -141,11 +142,11 @@ class FirewallIPSet(object):
24ed341
     # TYPE
24ed341
 
24ed341
     def get_type(self, name):
24ed341
-        return self.get_ipset(name).type
24ed341
+        return self.get_ipset(name, applied=True).type
24ed341
 
24ed341
     # DIMENSION
24ed341
     def get_dimension(self, name):
24ed341
-        return len(self.get_ipset(name).type.split(","))
24ed341
+        return len(self.get_ipset(name, applied=True).type.split(","))
24ed341
 
24ed341
     # APPLIED
24ed341
 
24ed341
@@ -164,7 +165,7 @@ class FirewallIPSet(object):
24ed341
     # OPTIONS
24ed341
 
24ed341
     def get_family(self, name):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         if "family" in obj.options:
24ed341
             if obj.options["family"] == "inet6":
24ed341
                 return "ipv6"
24ed341
@@ -179,7 +180,7 @@ class FirewallIPSet(object):
24ed341
         pass
24ed341
 
24ed341
     def add_entry(self, name, entry):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         if "timeout" in obj.options and obj.options["timeout"] != "0":
24ed341
             # no entries visible for ipsets with timeout
24ed341
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
24ed341
@@ -201,7 +202,7 @@ class FirewallIPSet(object):
24ed341
                 obj.entries.append(entry)
24ed341
 
24ed341
     def remove_entry(self, name, entry):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         if "timeout" in obj.options and obj.options["timeout"] != "0":
24ed341
             # no entries visible for ipsets with timeout
24ed341
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
24ed341
@@ -222,7 +223,7 @@ class FirewallIPSet(object):
24ed341
                 obj.entries.remove(entry)
24ed341
 
24ed341
     def query_entry(self, name, entry):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         if "timeout" in obj.options and obj.options["timeout"] != "0":
24ed341
             # no entries visible for ipsets with timeout
24ed341
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
24ed341
@@ -230,11 +231,11 @@ class FirewallIPSet(object):
24ed341
         return entry in obj.entries
24ed341
 
24ed341
     def get_entries(self, name):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         return obj.entries
24ed341
 
24ed341
     def set_entries(self, name, entries):
24ed341
-        obj = self.get_ipset(name)
24ed341
+        obj = self.get_ipset(name, applied=True)
24ed341
         if "timeout" in obj.options and obj.options["timeout"] != "0":
24ed341
             # no entries visible for ipsets with timeout
24ed341
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)