firewalld: add IpTables wrapper.
Implement firewall functionality.
Split up part of FirewallService's functionality into a class
that can be easily unit-tested.
TODO: allow punching holes for UDP ports as well.
BUG=chromium:435400
TEST=New unit tests pass.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
/org/chromium/firewalld \
org.chromium.firewalld.PunchHole uint16:80 twice, success.
TEST='iptables -S' shows the new rule.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
/org/chromium/firewalld \
org.chromium.firewalld.PlugHole uint16:80 once, success.
TEST='iptables -S' no longer shows the new rule.
TEST=Second time, error.
Change-Id: Ic8fc9d1fb3ac3deecde304922a709befa55015fb
Reviewed-on: https://chromium-review.googlesource.com/233723
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
6 files changed