JFIF     "" $(4,$&1'-=-157:::#+?D?8C49:7 7%%77777777777777777777777777777777777777777777777777"H !1AQ"2aqB#R3b$Cr4Ss%Tt&c$!1AQ"a#2B ? }XuAo)8^ IƟ`vUp9jY0Ǧ w)E허2jU`SEKw5]kSno!]:?jc\غV7/9N+{t#8zd/޲3F/=ź3GNquV"/4:{z%ۣI'D@ %88^f}VV)S_2ed^Mx"͟?UC62Q%чmO͓ cq0rŖJ\Õ_Sݶ'|G.q޾D U]nP%EF>˲E"d&'f2s6H]4w IS˶4VbaQ+9]XtNx:M0JNxϙ⟟"{nr;|{%vo\z-wc,*|k}-m55o4W9ؓw߱Yzk .=/oϡȴ^9ҧʹamtQԬZ]4?egjrQ}+)MleE]MPEn!`IK2RUEwVIoͷcp;lśe7΄uN ;rПV8|e\׹9Y-V_G.)XԢOv<;_"ڜ]ߙEr݊'K{KuBJ}KI}24|"v)/ʻo5)6-Tjd7.C]Q&lU,Yk1P4~UKZs|$kX6+屷CUq+N(jlGrpG&UB3#k3\9qfg7O8Kim(AJOO~C#e`i0wĦij$cWh<dtQߺ"NOtG+ZǪ]b5%]v5$)u|qZ柡s-rۖu$MKڎCmN_V'/1u,21pvlc>қeNnֺ|bkl=lǷNOʣlz*]»vȎ[)j[fs[]:s#m6Qt6*Q+`};ßj[F_jcv`r#w}|k<ڞ/r53N8>Kh q_-_??@enſEܥ\D\YAEo+ ޟd}IcY7+t{=ɩ>}i\\JfxzVdSzᔢ]Q^CJի\iceitMM5hڦg')^ et#ۯ"ÿfF->4iؤ2ݷ6#p6^-R̫gETj^I.kӽUp~D9[:/>h> \gJ|ۿؘ>ml9jMK =+*2i=0RiͶۗV{"u]IH`9J_˹KƼK$X-|=ve/ bjxw.9i%NqVJcFYKcTtO,F;%67vYb8֝qq0tUt=DvawsS~~Edzr^F-v{c++ݔ\|9Iy #nOavOY=3690Tcrilwa\˓m$?箵S6U c(.~R7suMhqcMOnKoc*ȣȩEd'J ܜk*_q}%M/7c.|;trddbsdcJev85̤iW Ę 8C# .딖e$sk80^\J众2)Nm~|Idj_ O+6ǻ#(MIz4Qo:օY,:q]̌"lK}{F]ζ)h>ʶ ^ue78_G#rqv$wkk[Q c+վ+ĸZΝFB]VzoiJRke&Kgom_7Wef_7,osJɽE%lzBt>mRs)v8'P0ֲtrOg4p_2`GlhYڦDF/ӚKmtm'P2kqU765fJY:y؊.ox%8V_ִ̌ܞjpqwЮQ;iUcNoOoٸcY w*4soӵkqf$?-jy~0{>?DaL8XL/ɞo+'8 {ʸxգj#Dy)wk̘e۩+%}~;ڼ5xek|y-%ڱ-ʜe:EEScÚ5z|r'&I&яF*F7|[nRF =(4ۖ@. n7@xx:N^8Bg%u/ny6&dR{?8U_Q6Z߯-oh.NR]} qi6~H(j7*uF&l&o8ts]/P89:jW*$w׹Ӌ FxpsCJi.7N q4WU_}7*M#qWiصnk'4ݍl*t^ c<'d:~͗enFQRz9v~ddoTZ̚k7X(wUswO̙fոҁՕ[$IAI>WW~ĪEѢNoeutYߑ-Eixιpxq{FnyfRrjqU᫤]>wPU8)Y-7Wbq㛋w:7ܣ].j%K:y4] %9$I%pT(󨪙VqiYٓ4y~5S/XTDZM2lȪ; S~Kx:(Mn0';-{*qV&|W3S+\֔a{R{s=lYmN9Fn&o'}Vi( ?*qV5ѼCNsM饏zߴ$^O69@ ,$y|jE;gW/u|M?3+ZՕN86յw%|QO㏏S\E#ddsgl+Scl3~~CԕQľ?5_ z߿t11OĶ0>oB9E/SOSk+b&Yn>$툧eg) "!܉(1 uBoJ)/t/,:=7M+1ܺ#CmS^Nz 6[u&]+|Dfj:uZ5-Z^TjMtm>cȳ NdT_,M#Ex;pt۴ͮ#!N iKl!zPծ~$1SiO} HI&g Bf)b%Ko̧kumEnص;V?j>nltOMVۆl>.WueYaw2+qK,?uHiqqSM}~gu3xbcWSy/Xc{%sZ]uaUM;7:cb5G97'7þյW,;$ܛyVjl޻y7S;o6gf.Tг[7/i1Z^rE cUF'P1-?%u&q{fw~27ޡ ^w$?SwP[=R3Y73 4x(Kk&rLȫMKn:RjcI?3Al`vض[POĖSYujj6v+-[xҵ=~zNN>\ɲQ/uufo*e6l;31붏.>w6=7#7dFDc%ƶTbd;2/=?Asr! ~ZSS~I"9y]Hn,ĊJ7S}cK"amCg3yP=RQɤW}t;-{F+v+RɔڎB?º{SV묖kۏmK~%.Q;OfEf_Y/F-V-MdD)m.ZՍ8Y*h[g/6ydmCc[rdfʾ䖗gd$^֍^ʅѻL|<[݉\߯RiJUo';œN?B smS ܹkس,mRE^ѣlJ&.ċ԰YO:޼f\Z'HCѯU[ʩ1ff4S-٥YxTIGLiыr }L)edׂ*l|ٚuoxӿnWkTbbVm zT_'"x5Vިxo1ج^Fq6Sd3ws'/ڞ6m?}1OsRGݝ+,~ڬ%^p1ef5c25vq~﹉ă[r-eq] 8+/ESj}?mUE.xYK3"oƔ^Y9I]I ޑ" &*4.Jâ}ټQbXKJ񽼀ncg`+riܭ_'Bֽp%bX'7cB}WPm|zHָLJhj~E>i~Z$297|_hyΕ&s}ZϷ *j]:v.HK<SP8`Pƣ)r ,}8Wk[ArHgn=о7:J]TTP>OOj J_KyB\Ԥrm嬷ȫr{ݙ5R(FRЪ6q}KLmR'eޖz6[YތesYYL5Tr7s\^rؙV͸컬j5d?yk'b S }kra^ߚRH)[sg.fLM\u= vJQ]rVkZuoN}#G?yjO%|i2fKoӰღC P_Ϳ6Zr{e/m$i}9 G2')YG9KY>|1ӫ +v+i;h\Q@˿Lӭn˖ 7ck>Vr.D0)hC<˄4"0[eԬݭe+l2s3ss oX]1r]+VK vI;mZ')R6e5=/i@]H^Z۬՝EW.jƆf{8mXMV~_̝z^VR}T63}}k3+k3:j1Phlpi{欍BȽ}6w73GtUZv>4eUj$ xz$$D/߇ߟI"uk̜aƪ*ke/F:dһ_PE1ݡkp(5ʏ-ɮ{Yllԧg!ܝ g]i-umεŸxOê^=PR ##XeMy%2L~󜺶Hm ݙ2t_ƶz7'\Z4T<"AM-&xaC]a5.huQ۫$cMμ|h;.J.o߸sE-zU{d];|YLSMvSEneNKr1B[]NeonNߪ$4̘FPrkxޱ=0lr7Q%=$KQ;0r*XKdGۃ*]w-npᬶ\tt4>Dc[Ouo3/)-WҴ xs71eԤm*ٖ웗H''.Cnmy]݊Kra[9)Y#2U6d7tf.[R.GdE>#O_.+-K`{KonR_ÕM/)?:F,Xo1ƽRmz8C]lD %(x+d2Ah+\CCLJ!D65x\ȼv)\Nrp*[YُfL*PyVΚuWA K4hyYdwihNIy#ub?4NDϐ'4 :nFe(o%ve@@xl-k%QƭRP&kεMŪ-Ys2u ]T!}8*TQnZ}v =~mԧyDM&8K>2|Bnugܷ.wvCs̼5F^ubES7ݢM&4Ź-~mKx1((sr!M5uy\q)oy|a)ˣ,A?w"T휳2\F}PR-<2%`~4Z5\W"(USkGpT(~Qj>ɰ쏳ǓSKKx's]nEf'.iݙL>Moƹk7ݭ[.г6lk<;?)#E]xFU7'>vF%R;t:Җs}NSBWX=Y8ث}~G)S^^ƽwR[)/Fm-ڞTK~˓Z]U;RQ=M/"NԝP[-Y9t_8V+}P?Ue{M/O&WWKvc#r'KM'p[±vtpRC/W|7K2Rfm;ljm%Z]^T[6}6iTC }L[uxg7(Z}. SRI)jҞzȶ쳢oYRw$ŷ"J\ǭw{u'R taF{;3hHB\RP(*ZQ]y;;k٥nWbGKv-V?NDҞkd9@z LJ}Kc9C*?V-*[*۸-0.|󲝳ߗZK#%_OFGF$kC$[NNJ7Yn[k~Xzc+Sʲuhsw^^4+nElbƮKD,}YLV=i=|p|_=b5mȵ(~,em#Xƥ.sVoEaWXc.lY uG\m';'*\ӆ}|˯UfQBvo}/"zw + qvMrQ[[AdU2ٽCGgjؖS~Ev%9">$_2Sߚ%ѽ7jX(t#21r{̬F]b()?r[Rı)W[O/6]XL9 vuLh-Ȃ9"'7f!Փ䮿Bf}[lag֧]?Pc#D9EmfK7o*})+n!]qIo^FrNVNo!Eƃd#OP?%ۋ(mPu93ۣ{}2&$%cZ߯LҚY);U afԶd,*'6_?B:R~}^̬~mJ+vC}Ѩe"MY+mi :s쥸;iJeYvBddeK|#5/mzR]F2 JHUU )/S{Ic$=: W)>} @0#URsR=w"L{+ɞ)d|*qq2>[nƨDۋ-G[6½J|{Ѿ4MwyG-Σ Ze{ug>2|'zΤ2%xՑ*<Q̥T')uLkjn(zF-JOR}wn~FV5zq2m'^VS=7Y^RdfeO)>EpX붚w*r*w˿^kڴ{J;K۔sRŶU]p\zn@dx6[+yeH[_m_/I&mv|M5&&-G"v۴^{vg8Y(K_~h0e AxfrzڬkhS/Vy1ϯdW3'͹}{'V-:MW(V/ͷ*E7s\EmEW}bUr'k,P{9?B֫ #[uNrB,wo^{fdF(5tRf.2J-/:~ t0M"d_/c^32*q]yLl^2[ݥZc*vtm213r'tSuM-Խ#o/HF+2VEpmǦޟS?Rs+t:u G8n,Ԛf,hY8SX*rKf>+cpruɬ=DMrXgϸ:~ɲ ~]'5'kElw\=ڞAG&')G9R\_̝1K;nPg&T(ի[^Jҟ"qoӸ.W}3mF>'$<\U6-~?x?B~{^xkpv-vlߣe빹j\(ښsuu6lH(qoaYt?x8}Ie '@b%TݲygV.+O9/W4MsCMuFjYzG.{ds.k(>G~K?ni-=R r}r ?s̥%l5Ϛ9IN6~۩RĢWNʾE[|nb.HY—קWkr1ҺշMNDp)^¸R:w;u1 12]T/Uiʹd%2OC2K*r5S]g凫5 UQ.ȫ– /i91njFkQxuJ1rn%XDžy?s˗վuMGƋ/m^J*RsF))uF,'l{=|nFm9:N\%u#tnXE->e2Y0PũjUȨEŭ|'eʹ[o{Ցms%CGg/}t|snzrvm\g}cÊ94Pvg'L}ّg궮ԱߢO^f.W-sT]M˔ېе<^Н'KuNn_Vl8*Kж^ xsuW51-ᅱFzƉT-kY/9wzDޯ/XlW)gypǚjDɨ~{ݤHCim.[>rqE_Uرx/>|L64%aj;fxӱF(K֓J9՞ -K> I_5Enn´&=Oc%o̟IJZF$۲5I9Wݚ n.WTuѲӏ[4U/9.2zX5\j3ĎEsMq4%9.d[7јc9eNa+sjE';%s#ɤ`ףS=WI쫢.Mv:j/[3:rTF_zt:.z%udW%]xܮVz$Vŗ49[^y.խN~M&mx+wGR~_4KC[ʻ:v>03߶v9x-Mȧ$c:lrCWjeg%ֹ_Nh՝Qɏj^ϛr^.>WhlE5yֵ6\W^确]*гc&^NI[oCDn.ߑ!,m&M_/'Mn$s\r^8|uSZZ1|LV<(zq׮xmٚZƏ%.Ԁs^2𱸒O#&,s[mײ9kޖCoSq&俙qxP.N] 2UǎsM2iN.f r[mcQZmFُE{#[TbҔ*sfaSrn^8N<\_'MarJ6 EQғ|F[S'[~q~kmn[_x?B f5Q١X=g(~[Cx}GO ĺo'e)~dq(Ot`sN=~heu ::m'Cjj>~5V柙cyQD%uqEc{[l^U O]b~eŦۑ'W3&' 2V.^D%G S6\wYNO$. O+^ŵG~haEs^=1*bICzFF4O#,Wu3허ekB\I'tWMߩOG3iFz{rgeM9g r] i3gk&u1r/1kVgR-ɿuF .^;3;?3큦bN̂r4ovMkڞ}[:,IVG<};*-2",>K%bK2Ƨ[w!)ˤ;d?4%Ul2ږec4#ōIw^R_/TFX+*FM[F|a'ߚ2SIMeVGn ~&Y Ym(?ԛ],=|сG4yjk"Q^~ԗ^c,qqrg^-:Uc[E8>>k|nS..LBIc>3i|ZEZXAqm nuOm<; X~mrK=~ ƱrSN<U!F΋WS/|t?K)zd} ,C"ovx?bբs3mX3桭X֖˦kFddhg}$ggSo5jL*NdJis$ EQ\v=0HxzyW~FT_Ƶccg,&=_V(%kq+_÷O'[_[Uڽv F $Ξ9n5EN/4Yy/%*} .jΔ`V_6\VͲohzfOgޯzpj}y}v:34WH;+x7ӻu<ݦ"mJ/=>eoD֣c4kXW-[}٬6;t[Na_• _5i5˗sٴ]+e;Joj㼶ۙyLumo5&F)F\ {(sm_M>gzcr)KU̠Ħ=VDd'h;-aŤ9KٰqQܫަazMp4bk9 UX.ͮ]KeS5Uq[¹X0ɦ6]roFjʧ2׏6/C6eQE5KӰmsFnIz&`z팡-ٯ.ixyك?c2//z6M4W[]_"?Õ[? Vfvӳq]I5(d|MʝzcC*mN>B2gD+><e:Gh %UkW%zJ8k_ˠ=KFRfw{sŖ^q\/{v[Ω}gLjT[t_ޕg6G~rkkMcSRKբ54?SAûO1o%[>5/R~CioNdNʛćh>f6H8c/<1xd[ŦCEk.9"ej?w&O6^ژR[vrQ.z㎩f6:V8}hi2z~ s-w]+|I9s_C~>-S&9ZFVLf7-d'pՠplJ#mm؎s(?Ʋ?/A%_sXuGNnR}_dq>1ʍ|У3]NXYZʷ/&ܛ彖LS? 6]"_t5qP5Kq]^m91jW暹U6-5WU澦M0˵f2ӪǮ.P~? _nEJTcTei)ٳrۣ%x %gs}7l9'tb~dXst# r?}Weaq>=+to)7،E*vn\e_,\NFxcivz]tM˼?Oԝ2Zrλs-ĺEtonIIfm/9^[^EBUjOnr6vI& l]%0")2䒶-+R*zyX<> -X9GUo^xYQ8ιvixٔa\t)hv}ьոVU~tK,=_wLLa?TYIo]$`N6cbi?#7;MRt<.~Q-mob\\g5췍 ڌ_?8nfJN/Y͢n3?_sϩ{HiְPo'yS??_jߡWi5q? MWȲ)8a]lLˏ--b[TXlΫRy;o5뜾$HW.mm?շG[Ƀ seo5Q}Le%*،«~uU{R$t\^%!weX:G('6WupTS&~8=jo?2_PϖE[nf6Tٯ;GLW)NM[o*\j%.gb|䭹noOX:1R)UTj74˓]D_bʝkzNI.9|^G`KeQ{mOjX/sR7evdgi7qm}ތW&4=~|YY)?7Oj}xXkF×4c.l?i|b[5Ή5j-[Y\z<茲Z$Ff&o;gErǩݦ̪/q[&[/9uuzi;PS^_/?]=ΕqK~ӛ5'NM[m_Ϲc'[oӯE#g߂vvGNRo϶o5Ǩ[ɉtov2~i<7iSȜN(G5+/ٛMTܣukj鷣/$1˒!Mxr\ߤs1ZuMQȌ^]c$CXrj#N/˦Ķ9]Nzê5zi;W,v!ŧD6zğ7uR5^MW}>igl2U2nXo{}_w]&vte\Z3 MEEe/ 2s㗼S_bIղTI}|[Ye/c]*̪9u/DmyNxSDgi `Z?.RFj۪'~.[KVb޺o濡to?E#[.^y=q4F8ڎ/GX\.YW!Z.ѕtt:?gYYyU%Uw~ri>ȦKhg,5/=>V?TrN4aWO,oӕ7-SRi*"dܽpuaVQÞd-#J2Nr:#``ѧWR-F?I-T -cOT2pr?þזgE\Ij~L9%EMoџUؙt8_eYΧWjU}e9y9z/#TT-2dLt3H=ڼcKb'"uIٓ'[[߱F~\2]r%C]^VCLjm[cJNryf}ջ.[DEoRՒb'>fVy_c6[K4Na5>{ɳaw/Uj.Զ_K~?IeJ7OQx3IgFc*جɊǽ-o3Ӭp / ]7V*ENܜ[r/tOJΉw*ʨ*JFN^.WZeLgUwKi/M9y8dkOᛊHxGĶM*&#h/U|6D(uFyE5hYxiSEVm^D|,ۿCj;<*ouOkYpΔ2{x-L] !k2ا#IM'a7:M}M1Y儭Mnk[/;4Uwkkɫ%aɔoXVV$m;2Z4i9:>\Yů= ?[{t6,~!c`Un+dW.gKyIB]l+3kض(\MZ\}>k\C~閹l[ů]VNtƸr몮X+U>v'nv{y7s[г̭9Ctvt% GqT8=wa(6\Rd柮YWv^Fd^\+緉,+=-^S"k:NVu o[_TIѝ椯bF/G㿏dΙ?T}K-T)W>s?3M)V*,;P\,}B u{rDexڥVFfw}47׋w}]Դ 1dmk1V%/'T:Fǒ_TEe[l/l/ٯc{Ƀ[~`zj⾥r}Vܪ{M8Qv]$mU]8J2MngcxY?鑞.9HjxSy.fS(|]MgcK2$(jRQ3XO|<f:Jq4& fw|$N )A8ת99 mFNM*Dϒ NoIa9i9y?:D⻧߇\7ɧ]mu"-˥5/w̨_ 7DK['[2"(%xzT\*GT"+<,yX.lEJrfo?.4N;l>jmZߣ5FdB3\r,t,./S]Q{tm5lӕT~A [fv7Iہc: ΪN7I]2(|o$NLW"#~Dͭ=v-Mv{-lqn{I3xn'6.=DƟܖަ~deQV;k2Ei\[bӴ1_]OhZl朠&t3xkei+c\'ZԪ'hK梿X@cTԫ#emIz6e^i?8 NBc̆f+MׇdC]YSd%lώ8-c7eι/}_con/no\핍~[WNReXMo+اn ?#Ͷ-AUFN1V4!y,{1a$S﹑;Ǚr"__[o) xk}7EI/riwؙ7mR}`|yrEVdo/B# uٳiNQKQkᑑ^d@/=ˑɒ768fsuor9=7ףܹճpMr-$1uySOZN?đrqզ9F q=.!T?ػ bf{¯q=$^:!ES߿ Fu\OS,8e^UוS^hF4BQƺȪw-kF39@X06 Fv=Q^|ƞ5}2tnmG_|Λ(|%](-5>KȁN$=6lq).12 V6m$ׇlOcҫܸ K{;ľ>+Q?Rx-Keu uMy$i B}G*h$Q -W[-&a"[i\}~Ek$<~c{MffS eS.#\^lMiytު]9S{u4 {DFޅSź}R ]R$y;r/P̙3niXMt;&!rxw\ZFmQ"w\L{^۔K&/gr:m=2%5bwE"^e[\$ɟPi!U_rdS2d?=[!(I.rC QZEim%}|YmzZ_ά<ۡLQM|` ybPȏ}?]Eu[`kҫgFb~F}Q8NP>5lӳ^-K%Q}$sx7SvnfTƸ|Kzd'_ⰽח$4L Y?qy32t j2e ȜrJ{mبhۍUU'p#8y'ѝ=i+Tĩo7WYyČkL5؝M=%"Nt}eXW)N.~sv5pɮ sSQ[+-/}kVk'FEɩ9SE&T=&\緵 --tf.9Ѳ4_##_ɱTFV؞~YTddS&s=䟚Fb1._5}~gM'p#,U hs--XG wtԹTi7M:GYK5'^W?C>_Gq/S&d| k_gO ӊiJeHU G_ Êg#),}-:5>V1emq}t}q?meKU:BqJeiPɗ#\$sI} Z生ƫoo=V=pVcUg"%wEm叡vIdhrȔ~F]p58_.,O|'Ɇ^L!c6OWӷ{x9?Fp?ceOuT+Uɵݹ&gx9i퓃sxGIm}_3Īr#:ԣ?4בc[jö#B7KʌWNo)=+c }YvP{lv^r+5Vxx_:~=̌Q}CTy+Wh鸚f$101뢊F[#--Y\i@l)W8/E>8nlj/ktOľ,q*[sE[]:?ZeQvŔɺ|j(Wx,LW=:S?κq%81c)jJvODLiW,{96vr-2}-EH,}%3k#l5gl~x__W Sڎ 8YJQvA=QIWju6-X9$kWЩCI4UWd'&O/Cf=Pi/#+>n$KYst܅y4ʷD^~%~myj,s_4Q}΍Cή;SW:h=Ff{.B/inȇo=-T͸OY2}hlK}.m7-z?,f-/^b\QWs/_͔/3In[6M;l ygؼ!WUË_)D9YL4_>f}ϵ3hV5Oѣ(l8?L4蹥[-Э=7V{&ʢPʼ*3cMz>u4@[oM gKS[jy"Lھzɵfx)GE`ֿ.=kJ>/iˢ[j-qץQC B@o V(ʯG?Bܻ\I>=K-].(vOE.5׮=/Pf^&$caY9{3މ%YOxZ~6Z;;ԗ.NJzş/YϖĜ%ѿO^tY$ν4|e}2ɶU9A؜h˺LrIm%J.|I]kG|DzU k4'(T\9߱^!z -:mW^ <= <^2*;Seq(6ªsHf5ʸO{Ilr~G uJY^k5X_y;5'59O@ƣ̶>pnCOvNwX4oUUf]Џe%MV9Xm9]x'Q=82z)c/~1\~LSow>ﺍƻUql~Sqo羘sk}VjG71kYؽ]b4qnMӡ; w@̇IL㿗[43)]=v*)EH'a񖳋ҎTkxuXGK& ZIR(M8?:ixJp-dmckpu*%N^-7E3='ceE&';_J'Mw𶥏Y9+d9+>!e_Sn|VX -TZu]Ģ/6\ckr /ޗ/z[y.N:*k$ }Yǭ}GUm^-%dm;K_#ctBsg2:8rz-VE|T w.}w9NEPGnoCe8/&3qT}MJ̙Mۗ~哳,-WI_Bsh+~͛vN{ZdYKݲkr%+lo*re-ه?:vYqFfCsqMXRķ{yqgrx.oǓ\xdڗ_ZC9WomX|KmV_%UJܷr$drȳL~MoKyYLic Jq<1$UuٯTד374s<ĕ96춉r9 pGc9=p^:)ZJb&VӝXٽ 0/X& ۳*_ԙƏ.5J 6<$$6B0d_d?hqd>XCe- wO@pg:.>$.Ϣ~L޲|,{-ɪ2.u/Ds-[ُiVIWK5M#Fܭ3?x.)ۣ,wJ)Ȳڣ-#fbdq&Tͧ8Q,YqQ)/R­?\k˔[p_+ogzP[6r^o}_kT}JiJ;<ivEH8wI@MOPʊ\#+$%PDF-1.7 GIF89;
ANDA PELER
Server IP : 182.253.108.180  /  Your IP : 3.135.215.82
Web Server : Apache
System : Linux sma1wiradesa.sch.id 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
User : wijaya ( 1017)
PHP Version : 7.3.33-10+ubuntu18.04.1+deb.sury.org+1
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/bin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     

Current File : /usr/bin/firewallctl
#!/usr/bin/python3 -Es
# -*- coding: utf-8 -*-
#
# Copyright (C) 2009-2016 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <twoerner@redhat.com>
# Jiri Popelka <jpopelka@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

from gi.repository import GObject
import sys
sys.modules['gobject'] = GObject

import argparse
import os

from firewall.client import FirewallClient, FirewallClientIPSetSettings, \
    FirewallClientZoneSettings, FirewallClientServiceSettings, \
    FirewallClientHelperSettings, FirewallClientIcmpTypeSettings
from firewall.errors import FirewallError
from firewall import errors
from firewall.functions import joinArgs, splitArgs
from firewall.core.fw_nm import nm_is_imported, \
    nm_get_connection_of_interface, nm_get_zone_of_connection, \
    nm_set_zone_of_connection
from firewall.core.io.zone import zone_reader
from firewall.core.io.service import service_reader
from firewall.core.io.ipset import ipset_reader
from firewall.core.io.helper import helper_reader
from firewall.core.io.icmptype import icmptype_reader
from firewall.command import FirewallCommand

#

def try_set_zone_of_interface(_zone, interface):
    if nm_is_imported():
        try:
            connection = nm_get_connection_of_interface(interface)
        except Exception:
            pass
        else:
            if connection is not None:
                if _zone == nm_get_zone_of_connection(connection):
                    if _zone == "":
                        cmd.print_warning("The interface is under control of "
                                          "NetworkManager and already bound to "
                                          "the default zone")
                    else:
                        cmd.print_warning("The interface is under control of "
                                          "NetworkManager and already bound "
                                          "to '%s'" % _zone)
                if _zone == "":
                    cmd.print_msg("The interface is under control of "
                                  "NetworkManager, setting zone to default.")
                else:
                    cmd.print_msg("The interface is under control of "
                                  "NetworkManager, setting zone "
                                  "to '%s'." % _zone)
                nm_set_zone_of_connection(_zone, connection)
                return True
    return False

#

parser = argparse.ArgumentParser(
    description="firewall command line control utility")
subparsers = parser.add_subparsers()

# output

grp_output = parser.add_mutually_exclusive_group()
grp_output.add_argument("-v", "--verbose", action="store_true")
grp_output.add_argument("-q", "--quiet", action="store_true")

# version

grp_version = subparsers.add_parser("version", help="Show firewall version")
grp_version.set_defaults(parser="version")

# state

grp_state = subparsers.add_parser("state", help="Get firewalld state")
grp_state.set_defaults(parser="state")

# reload

grp_reload = subparsers.add_parser("reload", help="Reload firewalld")
grp_reload.set_defaults(parser="reload")
grp_reload.add_argument("-c", "--complete", action="store_true")

# runtime_to_permanent

grp_runtime_to_permanent = subparsers.add_parser(
    "runtime-to-permanent", help="Save run-time as permanent configuration")
grp_runtime_to_permanent.set_defaults(parser="runtime-to-permanent")

#############################################################################

# list

grp_list = subparsers.add_parser(
    "list", help="List zones, services ipsets, helpers or icmptypes")
grp_list.set_defaults(parser="list")

grp_list_subparsers = grp_list.add_subparsers(help="Commands")

grp_list_zones = grp_list_subparsers.add_parser("zones", help="List zones")
grp_list_zones.set_defaults(list="zones")
group = grp_list_zones.add_mutually_exclusive_group()
group.add_argument("-a", "--active", action="store_true")
group.add_argument("-p", "--permanent", action="store_true")

grp_list_services = grp_list_subparsers.add_parser(
    "services", help="List services")
grp_list_services.set_defaults(list="services")
grp_list_services.add_argument("-p", "--permanent", action="store_true")

grp_list_ipsets = grp_list_subparsers.add_parser("ipsets", help="List ipsets")
grp_list_ipsets.set_defaults(list="ipsets")
grp_list_ipsets.add_argument("-p", "--permanent", action="store_true")

grp_list_helpers = grp_list_subparsers.add_parser(
    "helpers", help="List helpers")
grp_list_helpers.set_defaults(list="helpers")
grp_list_helpers.add_argument("-p", "--permanent", action="store_true")

grp_list_icmptypes = grp_list_subparsers.add_parser(
    "icmptypes", help="List icmptypes")
grp_list_icmptypes.set_defaults(list="icmptypes")
grp_list_icmptypes.add_argument("-p", "--permanent", action="store_true")

#############################################################################

# info

grp_info = subparsers.add_parser(
    "info", help="Info about a zone, service, ipset, helper or icmptype")
grp_info.set_defaults(parser="info")
grp_info_subparsers = grp_info.add_subparsers(help="Commands")

grp_info_zone = grp_info_subparsers.add_parser("zone", help="Info about a zone")
grp_info_zone.set_defaults(info="zone")
grp_info_zone.add_argument("zone", action="store", metavar="<zone>")
grp_info_zone.add_argument("-p", "--permanent", action="store_true")

grp_info_zones = grp_info_subparsers.add_parser(
    "zones", help="Info about all zones")
grp_info_zones.set_defaults(info="zones")
group = grp_info_zones.add_mutually_exclusive_group()
group.add_argument("-a", "--active", action="store_true")
group.add_argument("-p", "--permanent", action="store_true")

grp_info_service = grp_info_subparsers.add_parser(
    "service", help="Info about a service")
grp_info_service.set_defaults(info="service")
grp_info_service.add_argument("service", action="store", metavar="<service>")
grp_info_service.add_argument("-p", "--permanent", action="store_true")

grp_info_services = grp_info_subparsers.add_parser(
    "services", help="Info about all services")
grp_info_services.set_defaults(info="services")
grp_info_services.add_argument("-p", "--permanent", action="store_true")

grp_info_ipset = grp_info_subparsers.add_parser(
    "ipset", help="Info about ipsets")
grp_info_ipset.set_defaults(info="ipset")
grp_info_ipset.add_argument("ipset", action="store", metavar="<ipset>")
grp_info_ipset.add_argument("-p", "--permanent", action="store_true")

grp_info_ipsets = grp_info_subparsers.add_parser(
    "ipsets", help="Info about all ipsets")
grp_info_ipsets.set_defaults(info="ipsets")
grp_info_ipsets.add_argument("-p", "--permanent", action="store_true")

grp_info_helper = grp_info_subparsers.add_parser(
    "helper", help="Info about a helper")
grp_info_helper.set_defaults(info="helper")
grp_info_helper.add_argument("helper", action="store", metavar="<helper>")
grp_info_helper.add_argument("-p", "--permanent", action="store_true")

grp_info_helpers = grp_info_subparsers.add_parser(
    "helpers", help="Info about all helpers")
grp_info_helpers.set_defaults(info="helpers")
grp_info_helpers.add_argument("-p", "--permanent", action="store_true")

grp_info_icmptype = grp_info_subparsers.add_parser(
    "icmptype", help="Info about a icmptype")
grp_info_icmptype.set_defaults(info="icmptype")
grp_info_icmptype.add_argument("icmptype", action="store", metavar="<icmptype>")
grp_info_icmptype.add_argument("-p", "--permanent", action="store_true")

grp_info_icmptypes = grp_info_subparsers.add_parser(
    "icmptypes", help="Info about all icmptypes")
grp_info_icmptypes.set_defaults(info="icmptypes")
grp_info_icmptypes.add_argument("-p", "--permanent", action="store_true")

#############################################################################

# zone

grp_zone = subparsers.add_parser("zone", help="Zone commands")
grp_zone.set_defaults(parser="zone")
grp_zone.add_argument("zone", type=str, action="store", metavar="<zone>")
grp_zone.add_argument("-p", "--permanent", action="store_true")

zone_subparsers = grp_zone.add_subparsers(help="Zone Commands")

# zone.load_defaults

grp_zone_load_defaults = zone_subparsers.add_parser(
    "load-defaults", help="Load defaults")
grp_zone_load_defaults.set_defaults(action="load-defaults")

# zone.add

grp_zone_add = zone_subparsers.add_parser("add", help="Add commands")
grp_zone_add.set_defaults(action="add")

zone_add_subparsers = grp_zone_add.add_subparsers()

# zone.add.interface

grp_zone_add_interface = zone_add_subparsers.add_parser(
    "interface", help="Add interface")
grp_zone_add_interface.set_defaults(item="interface", required=True)
grp_zone_add_interface.add_argument("interface", metavar="<interface>",
                                    nargs="+")

# zone.add.source

grp_zone_add_source = zone_add_subparsers.add_parser("source",
                                                     help="Add source")
grp_zone_add_source.set_defaults(item="source", required=True)
grp_zone_add_source.add_argument("source", metavar="<source>", nargs="+")

# zone.add.service

grp_zone_add_service = zone_add_subparsers.add_parser("service",
                                                      help="Add service")
grp_zone_add_service.set_defaults(item="service", required=True)
grp_zone_add_service.add_argument("service", metavar="<service>", nargs="+")
grp_zone_add_service.add_argument("-t", "--timeout", type=int, default=0,
                                  metavar="<seconds>")

# zone.add.port

grp_zone_add_port = zone_add_subparsers.add_parser("port", help="Add port")
grp_zone_add_port.set_defaults(item="port")
grp_zone_add_port.add_argument("port", metavar="<port>", nargs="+")
grp_zone_add_port.add_argument("-t", "--timeout", type=int, default=0,
                               metavar="<seconds>")

# zone.add.protocol

grp_zone_add_protocol = zone_add_subparsers.add_parser("protocol",
                                                       help="Add protocol")
grp_zone_add_protocol.set_defaults(item="protocol")
grp_zone_add_protocol.add_argument("protocol", metavar="<protocol>", nargs="+")
grp_zone_add_protocol.add_argument("-t", "--timeout", type=int, default=0,
                                   metavar="<seconds>")

# zone.add.source-port

grp_zone_add_source_port = zone_add_subparsers.add_parser(
    "source-port", help="Add source port")
grp_zone_add_source_port.set_defaults(item="source-port")
grp_zone_add_source_port.add_argument("port", metavar="<source-port>",
                                      nargs="+")
grp_zone_add_source_port.add_argument("-t", "--timeout", type=int, default=0,
                                      metavar="<seconds>")

# zone.add.rich-rule

grp_zone_add_rich_rule = zone_add_subparsers.add_parser("rich-rule",
                                                        help="Add rich rule")
grp_zone_add_rich_rule.set_defaults(item="rich-rule", required=True)
grp_zone_add_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
                                    nargs="+")
grp_zone_add_rich_rule.add_argument("-t", "--timeout", type=int, default=0,
                                    metavar="<seconds>")

# zone.add.masquerade

grp_zone_add_masquerade = zone_add_subparsers.add_parser("masquerade",
                                                         help="Add masquerade")
grp_zone_add_masquerade.set_defaults(item="masquerade", required=True)
grp_zone_add_masquerade.add_argument("-t", "--timeout", type=int, default=0,
                                     metavar="<seconds>")

# zone.add.forward-port

grp_zone_add_forward_port = zone_add_subparsers.add_parser(
    "forward-port", help="Add forward-port")
grp_zone_add_forward_port.set_defaults(item="forward-port")
grp_zone_add_forward_port.add_argument("forward_port",
                                       metavar="<forward-port>", nargs="+")
grp_zone_add_forward_port.add_argument("-t", "--timeout", type=int, default=0,
                                       metavar="<seconds>")

# zone.add.icmp-block

grp_zone_add_icmp_block = zone_add_subparsers.add_parser("icmp-block",
                                                         help="Add icmp-block")
grp_zone_add_icmp_block.set_defaults(item="icmp-block", required=True)
grp_zone_add_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
                                     nargs="+")
grp_zone_add_icmp_block.add_argument("-t", "--timeout", type=int, default=0,
                                     metavar="<seconds>")

# zone.add.icmp-block-inversion

grp_zone_add_icmp_block_inversion = zone_add_subparsers.add_parser(
    "icmp-block-inversion", help="Add icmp-block-inversion")
grp_zone_add_icmp_block_inversion.set_defaults(item="icmp-block-inversion",
                                               required=True)


# zone.get

grp_zone_get = zone_subparsers.add_parser("get", help="Get commands")
grp_zone_get.set_defaults(action="get")

zone_get_subparsers = grp_zone_get.add_subparsers()

# zone.get.description

grp_zone_get_description = zone_get_subparsers.add_parser(
    "description", help="Get description")
grp_zone_get_description.set_defaults(item="description")

# zone.get.short

grp_zone_get_short = zone_get_subparsers.add_parser(
    "short", help="Get short")
grp_zone_get_short.set_defaults(item="short")


# zone.set

grp_zone_set = zone_subparsers.add_parser("set", help="Set commands")
grp_zone_set.set_defaults(action="set")

zone_set_subparsers = grp_zone_set.add_subparsers()

# zone.set.description

grp_zone_set_description = zone_set_subparsers.add_parser(
    "description", help="Set description")
grp_zone_set_description.set_defaults(item="description")
grp_zone_set_description.add_argument("description", metavar="<description>")

# zone.set.short

grp_zone_set_short = zone_set_subparsers.add_parser(
    "short", help="Set short")
grp_zone_set_short.set_defaults(item="short")
grp_zone_set_short.add_argument("short", metavar="<short>")


# zone.remove

grp_zone_remove = zone_subparsers.add_parser("remove", help="Remove commands")
grp_zone_remove.set_defaults(action="remove")

zone_remove_subparsers = grp_zone_remove.add_subparsers()

# zone.remove.interface

grp_zone_remove_interface = zone_remove_subparsers.add_parser(
    "interface", help="Remove interface")
grp_zone_remove_interface.set_defaults(item="interface")
grp_zone_remove_interface.add_argument("interface", metavar="<interface>",
                                       nargs="+")

# zone.remove.source

grp_zone_remove_source = zone_remove_subparsers.add_parser("source",
                                                           help="Remove source")
grp_zone_remove_source.set_defaults(item="source")
grp_zone_remove_source.add_argument("source", metavar="<source>", nargs="+")

# zone.remove.service

grp_zone_remove_service = zone_remove_subparsers.add_parser(
    "service", help="Remove service")
grp_zone_remove_service.set_defaults(item="service")
grp_zone_remove_service.add_argument("service", metavar="<service>", nargs="+")

# zone.remove.port

grp_zone_remove_port = zone_remove_subparsers.add_parser("port",
                                                         help="Remove port")
grp_zone_remove_port.set_defaults(item="port")
grp_zone_remove_port.add_argument("port", metavar="<port>", nargs="+")

# zone.remove.protocol

grp_zone_remove_protocol = zone_remove_subparsers.add_parser(
    "protocol", help="Remove protocol")
grp_zone_remove_protocol.set_defaults(item="protocol")
grp_zone_remove_protocol.add_argument("protocol", metavar="<protocol>",
                                      nargs="+")

# zone.remove.source-port

grp_zone_remove_source_port = zone_remove_subparsers.add_parser(
    "source-port", help="Remove source port")
grp_zone_remove_source_port.set_defaults(item="source-port")
grp_zone_remove_source_port.add_argument("port", metavar="<source-port>",
                                         nargs="+")

# zone.remove.rich-rule

grp_zone_remove_rich_rule = zone_remove_subparsers.add_parser(
    "rich-rule", help="Remove rich rule")
grp_zone_remove_rich_rule.set_defaults(item="rich-rule", required=True)
grp_zone_remove_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
                                       nargs="+")

# zone.remove.masquerade

grp_zone_remove_masquerade = zone_remove_subparsers.add_parser(
    "masquerade", help="Add masquerade")
grp_zone_remove_masquerade.set_defaults(item="masquerade", required=True)

# zone.remove.forward-port

grp_zone_remove_forward_port = zone_remove_subparsers.add_parser(
    "forward-port", help="Remove forward port")
grp_zone_remove_forward_port.set_defaults(item="forward-port")
grp_zone_remove_forward_port.add_argument("forward_port",
                                          metavar="<forward-port>", nargs="+")

# zone.remove.icmp-block

grp_zone_remove_icmp_block = zone_remove_subparsers.add_parser(
    "icmp-block", help="Remove icmp block")
grp_zone_remove_icmp_block.set_defaults(item="icmp-block")
grp_zone_remove_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
                                        nargs="+")

# zone.remove.icmp-block-inversion

grp_zone_remove_icmp_block_inversion = zone_remove_subparsers.add_parser(
    "icmp-block-inversion", help="Remove icmp block inversion")
grp_zone_remove_icmp_block_inversion.set_defaults(item="icmp-block-inversion")


# zone.query

grp_zone_query = zone_subparsers.add_parser("query", help="Query commands")
grp_zone_query.set_defaults(action="query")

zone_query_subparsers = grp_zone_query.add_subparsers()

# zone.query.interface

grp_zone_query_interface = zone_query_subparsers.add_parser(
    "interface", help="Query interface")
grp_zone_query_interface.set_defaults(item="interface")
grp_zone_query_interface.add_argument("interface", metavar="<interface>",
                                      nargs="+")

# zone.query.source

grp_zone_query_source = zone_query_subparsers.add_parser("source",
                                                         help="Query source")
grp_zone_query_source.set_defaults(item="source")
grp_zone_query_source.add_argument("source", metavar="<source>", nargs="+")

# zone.query.service

grp_zone_query_service = zone_query_subparsers.add_parser("service",
                                                          help="Query service")
grp_zone_query_service.set_defaults(item="service")
grp_zone_query_service.add_argument("service", metavar="<service>", nargs="+")

# zone.query.port

grp_zone_query_port = zone_query_subparsers.add_parser("port",
                                                       help="Query port")
grp_zone_query_port.set_defaults(item="port")
grp_zone_query_port.add_argument("port", metavar="<port>", nargs="+")

# zone.query.protocol

grp_zone_query_protocol = zone_query_subparsers.add_parser(
    "protocol", help="Query protocol")
grp_zone_query_protocol.set_defaults(item="protocol")
grp_zone_query_protocol.add_argument("protocol", metavar="<protocol>",
                                     nargs="+")

# zone.query.source-port

grp_zone_query_source_port = zone_query_subparsers.add_parser(
    "source-port", help="Query source port")
grp_zone_query_source_port.set_defaults(item="source-port")
grp_zone_query_source_port.add_argument("port", metavar="<source-port>",
                                        nargs="+")

# zone.query.rich-rule

grp_zone_query_rich_rule = zone_query_subparsers.add_parser(
    "rich-rule", help="Query rich rule")
grp_zone_query_rich_rule.set_defaults(item="rich-rule")
grp_zone_query_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
                                      nargs="+")

# zone.query.masquerade

grp_zone_query_masquerade = zone_query_subparsers.add_parser(
    "masquerade", help="Query masquerade")
grp_zone_query_masquerade.set_defaults(item="masquerade")

# zone.query.forward-port

grp_zone_query_forward_port = zone_query_subparsers.add_parser(
    "forward-port", help="Query forward port")
grp_zone_query_forward_port.set_defaults(item="forward-port")
grp_zone_query_forward_port.add_argument("forward_port",
                                         metavar="<forward-port>", nargs="+")

# zone.query.icmp-block

grp_zone_query_icmp_block = zone_query_subparsers.add_parser(
    "icmp-block", help="Query icmp block")
grp_zone_query_icmp_block.set_defaults(item="icmp-block")
grp_zone_query_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
                                       nargs="+")

# zone.query.icmp-block-inversion

grp_zone_query_icmp_block_inversion = zone_query_subparsers.add_parser(
    "icmp-block-inversion", help="Query icmp block inversion")
grp_zone_query_icmp_block_inversion.set_defaults(item="icmp-block-inversion")


# zone.list

grp_zone_list = zone_subparsers.add_parser("list", help="List commands")
grp_zone_list.set_defaults(action="list")

zone_list_subparsers = grp_zone_list.add_subparsers()

# zone.list.interfaces

grp_zone_list_interfaces = zone_list_subparsers.add_parser(
    "interfaces", help="List interfaces")
grp_zone_list_interfaces.set_defaults(item="interfaces")

# zone.list.sources

grp_zone_list_sources = zone_list_subparsers.add_parser("sources",
                                                        help="List sources")
grp_zone_list_sources.set_defaults(item="sources")

# zone.list.services

grp_zone_list_services = zone_list_subparsers.add_parser("services",
                                                         help="List services")
grp_zone_list_services.set_defaults(item="services")

# zone.list.ports

grp_zone_list_ports = zone_list_subparsers.add_parser("ports",
                                                      help="List ports")
grp_zone_list_ports.set_defaults(item="ports")

# zone.list.protocols

grp_zone_list_protocols = zone_list_subparsers.add_parser("protocols",
                                                          help="List protocols")
grp_zone_list_protocols.set_defaults(item="protocols")

# zone.list.source-ports

grp_zone_list_source_ports = zone_list_subparsers.add_parser(
    "source-ports", help="List source-ports")
grp_zone_list_source_ports.set_defaults(item="source-ports")

# zone.list.rich-rules

grp_zone_list_rich_rules = zone_list_subparsers.add_parser(
    "rich-rules", help="List rich-rules")
grp_zone_list_rich_rules.set_defaults(item="rich-rules")

# zone.list.forward-ports

grp_zone_list_forward_ports = zone_list_subparsers.add_parser(
    "forward-ports", help="List forward ports")
grp_zone_list_forward_ports.set_defaults(item="forward-ports")

# zone.list.icmp-blocks

grp_zone_list_icmp_blocks = zone_list_subparsers.add_parser(
    "icmp-blocks", help="List icmp blocks")
grp_zone_list_icmp_blocks.set_defaults(item="icmp-blocks")

#############################################################################

# service

grp_service = subparsers.add_parser("service", help="Service commands")
grp_service.set_defaults(parser="service")
grp_service.add_argument("service", type=str, action="store",
                         metavar="<service>")
grp_service.add_argument("-p", "--permanent", action="store_true")

service_subparsers = grp_service.add_subparsers(help="Service Commands")

# service.load_defaults

grp_service_load_defaults = service_subparsers.add_parser("load-defaults",
                                                          help="Load defaults")
grp_service_load_defaults.set_defaults(action="load-defaults")

# service.add

grp_service_add = service_subparsers.add_parser("add", help="Add commands")
grp_service_add.set_defaults(action="add")

service_add_subparsers = grp_service_add.add_subparsers()

# service.add.port

grp_service_add_port = service_add_subparsers.add_parser("port",
                                                         help="Add port")
grp_service_add_port.set_defaults(item="port")
grp_service_add_port.add_argument("port", metavar="<port>", nargs="+")

# service.add.protocol

grp_service_add_protocol = service_add_subparsers.add_parser(
    "protocol", help="Add protocol")
grp_service_add_protocol.set_defaults(item="protocol")
grp_service_add_protocol.add_argument("protocol", metavar="<protocol>",
                                      nargs="+")

# service.add.source-port

grp_service_add_source_port = service_add_subparsers.add_parser(
    "source-port", help="Add source port")
grp_service_add_source_port.set_defaults(item="source-port")
grp_service_add_source_port.add_argument("port", metavar="<source-port>",
                                         nargs="+")

# service.add.module

grp_service_add_module = service_add_subparsers.add_parser("module",
                                                           help="Add module")
grp_service_add_module.set_defaults(item="module")
grp_service_add_module.add_argument("module", metavar="<module>", nargs="+")

# service.add.destination

grp_service_add_destination = service_add_subparsers.add_parser(
    "destination", help="Add destination")
grp_service_add_destination.set_defaults(item="destination")
grp_service_add_destination.add_argument("destination",
                                         metavar="<destination>", nargs="+")


# service.get

grp_service_get = service_subparsers.add_parser("get", help="Get commands")
grp_service_get.set_defaults(action="get")

service_get_subparsers = grp_service_get.add_subparsers()

# service.get.description

grp_service_get_description = service_get_subparsers.add_parser(
    "description", help="Get description")
grp_service_get_description.set_defaults(item="description")

# service.get.short

grp_service_get_short = service_get_subparsers.add_parser(
    "short", help="Get short")
grp_service_get_short.set_defaults(item="short")


# service.set

grp_service_set = service_subparsers.add_parser("set", help="Set commands")
grp_service_set.set_defaults(action="set")

service_set_subparsers = grp_service_set.add_subparsers()

# service.set.description

grp_service_set_description = service_set_subparsers.add_parser(
    "description", help="Set description")
grp_service_set_description.set_defaults(item="description")
grp_service_set_description.add_argument("description", metavar="<description>")

# service.set.short

grp_service_set_short = service_set_subparsers.add_parser(
    "short", help="Set short")
grp_service_set_short.set_defaults(item="short")
grp_service_set_short.add_argument("short", metavar="<short>")


# service.remove

grp_service_remove = service_subparsers.add_parser("remove",
                                                   help="Remove commands")
grp_service_remove.set_defaults(action="remove")

service_remove_subparsers = grp_service_remove.add_subparsers()

# service.remove.port

grp_service_remove_port = service_remove_subparsers.add_parser(
    "port", help="Remove port")
grp_service_remove_port.set_defaults(item="port")
grp_service_remove_port.add_argument("port", metavar="<port>", nargs="+")

# service.remove.protocol

grp_service_remove_protocol = service_remove_subparsers.add_parser(
    "protocol", help="Remove protocol")
grp_service_remove_protocol.set_defaults(item="protocol")
grp_service_remove_protocol.add_argument("protocol", metavar="<protocol>",
                                         nargs="+")

# service.remove.source-port

grp_service_remove_source_port = service_remove_subparsers.add_parser(
    "source-port", help="Remove source port")
grp_service_remove_source_port.set_defaults(item="source-port")
grp_service_remove_source_port.add_argument("port", metavar="<source-port>",
                                            nargs="+")

# service.remove.module

grp_service_remove_module = service_remove_subparsers.add_parser(
    "module", help="Remove module")
grp_service_remove_module.set_defaults(item="module")
grp_service_remove_module.add_argument("module", metavar="<module>", nargs="+")

# service.remove.destination

grp_service_remove_destination = service_remove_subparsers.add_parser(
    "destination", help="Remove destination")
grp_service_remove_destination.set_defaults(item="destination")
grp_service_remove_destination.add_argument("destination",
                                            metavar="<destination>", nargs="+")


# service.query

grp_service_query = service_subparsers.add_parser("query",
                                                  help="Query commands")
grp_service_query.set_defaults(action="query")

service_query_subparsers = grp_service_query.add_subparsers()

# service.query.port

grp_service_query_port = service_query_subparsers.add_parser("port",
                                                             help="Query port")
grp_service_query_port.set_defaults(item="port")
grp_service_query_port.add_argument("port", metavar="<port>", nargs="+")

# service.query.protocol

grp_service_query_protocol = service_query_subparsers.add_parser(
    "protocol", help="Query protocol")
grp_service_query_protocol.set_defaults(item="protocol")
grp_service_query_protocol.add_argument("protocol", metavar="<protocol>",
                                        nargs="+")

# service.query.source-port

grp_service_query_source_port = service_query_subparsers.add_parser(
    "source-port", help="Query source port")
grp_service_query_source_port.set_defaults(item="source-port")
grp_service_query_source_port.add_argument("port", metavar="<source-port>",
                                           nargs="+")

# service.query.module

grp_service_query_module = service_query_subparsers.add_parser(
    "module", help="Query module")
grp_service_query_module.set_defaults(item="module")
grp_service_query_module.add_argument("module", metavar="<module>", nargs="+")

# service.query.destination

grp_service_query_destination = service_query_subparsers.add_parser(
    "destination", help="Query destination")
grp_service_query_destination.set_defaults(item="destination")
grp_service_query_destination.add_argument("destination",
                                           metavar="<destination>", nargs="+")


# service.list

grp_service_list = service_subparsers.add_parser("list", help="List commands")
grp_service_list.set_defaults(action="list")

service_list_subparsers = grp_service_list.add_subparsers()

# service.list.services

grp_service_list_services = service_list_subparsers.add_parser(
    "services", help="List services")
grp_service_list_services.set_defaults(item="services")

# service.list.ports

grp_service_list_ports = service_list_subparsers.add_parser("ports",
                                                            help="List ports")
grp_service_list_ports.set_defaults(item="ports")

# service.list.protocols

grp_service_list_protocols = service_list_subparsers.add_parser(
    "protocols", help="List protocols")
grp_service_list_protocols.set_defaults(item="protocols")

# service.list.source-ports

grp_service_list_source_ports = service_list_subparsers.add_parser(
    "source-ports", help="List source-ports")
grp_service_list_source_ports.set_defaults(item="source-ports")

# service.list.modules

grp_service_list_modules = service_list_subparsers.add_parser(
    "modules", help="List modules")
grp_service_list_modules.set_defaults(item="modules")

# service.list.destinations

grp_service_list_destinations = service_list_subparsers.add_parser(
    "destinations", help="List destinations")
grp_service_list_destinations.set_defaults(item="destinations")

#############################################################################

# ipset

grp_ipset = subparsers.add_parser("ipset", help="Ipset commands")
grp_ipset.set_defaults(parser="ipset")
grp_ipset.add_argument("ipset", type=str, action="store", metavar="<ipset>")
grp_ipset.add_argument("-p", "--permanent", action="store_true")

ipset_subparsers = grp_ipset.add_subparsers(help="Ipset Commands")

# ipset.load_defaults

grp_ipset_load_defaults = ipset_subparsers.add_parser("load-defaults",
                                                      help="Load defaults")
grp_ipset_load_defaults.set_defaults(action="load-defaults")

# ipset.add

grp_ipset_add = ipset_subparsers.add_parser("add", help="Add commands")
grp_ipset_add.set_defaults(action="add")

ipset_add_subparsers = grp_ipset_add.add_subparsers()

# ipset.add.entry

grp_ipset_add_entry = ipset_add_subparsers.add_parser("entry", help="Add entry")
grp_ipset_add_entry.set_defaults(item="entry")
grp_ipset_add_entry.add_argument("entry", metavar="<entry>", nargs="+")

# ipset.add.entries-from-file

grp_ipset_add_entries_from_file = ipset_add_subparsers.add_parser(
    "entries-from-file", help="Add entries from file")
grp_ipset_add_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_add_entries_from_file.add_argument("entries_from_file",
                                             metavar="<filename>", nargs="+")


# ipset.get

grp_ipset_get = ipset_subparsers.add_parser("get", help="Get commands")
grp_ipset_get.set_defaults(action="get")

ipset_get_subparsers = grp_ipset_get.add_subparsers()

# ipset.get.description

grp_ipset_get_description = ipset_get_subparsers.add_parser(
    "description", help="Get description")
grp_ipset_get_description.set_defaults(item="description")

# ipset.get.short

grp_ipset_get_short = ipset_get_subparsers.add_parser("short", help="Get short")
grp_ipset_get_short.set_defaults(item="short")


# ipset.set

grp_ipset_set = ipset_subparsers.add_parser("set", help="Set commands")
grp_ipset_set.set_defaults(action="set")

ipset_set_subparsers = grp_ipset_set.add_subparsers()

# ipset.set.description

grp_ipset_set_description = ipset_set_subparsers.add_parser(
    "description", help="Set description")
grp_ipset_set_description.set_defaults(item="description")
grp_ipset_set_description.add_argument("description", metavar="<description>")

# ipset.set.short

grp_ipset_set_short = ipset_set_subparsers.add_parser("short", help="Set short")
grp_ipset_set_short.set_defaults(item="short")
grp_ipset_set_short.add_argument("short", metavar="<short>")


# ipset.remove

grp_ipset_remove = ipset_subparsers.add_parser("remove", help="Remove commands")
grp_ipset_remove.set_defaults(action="remove")

ipset_remove_subparsers = grp_ipset_remove.add_subparsers()

# ipset.remove.entry

grp_ipset_remove_entry = ipset_remove_subparsers.add_parser("entry",
                                                            help="Remove entry")
grp_ipset_remove_entry.set_defaults(item="entry")
grp_ipset_remove_entry.add_argument("entry", metavar="<entry>", nargs="+")

# ipset.remove.entries-from-file

grp_ipset_remove_entries_from_file = ipset_remove_subparsers.add_parser(
    "entries-from-file", help="Remove entries from file")
grp_ipset_remove_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_remove_entries_from_file.add_argument("entries_from_file",
                                                metavar="<filename>", nargs="+")

# ipset.remove.all

grp_ipset_remove_all = ipset_remove_subparsers.add_parser(
    "all", help="Remove all entries")
grp_ipset_remove_all.set_defaults(item="all")


# ipset.query

grp_ipset_query = ipset_subparsers.add_parser("query", help="Query commands")
grp_ipset_query.set_defaults(action="query")

ipset_query_subparsers = grp_ipset_query.add_subparsers()

# ipset.query.entry

grp_ipset_query_entry = ipset_query_subparsers.add_parser("entry",
                                                          help="Query entry")
grp_ipset_query_entry.set_defaults(item="entry")
grp_ipset_query_entry.add_argument("entry", metavar="<entry>", nargs="+")

# ipset.query.entries-from-file

grp_ipset_query_entries_from_file = ipset_query_subparsers.add_parser(
    "entries-from-file", help="Query entries from file")
grp_ipset_query_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_query_entries_from_file.add_argument("entries_from_file",
                                               metavar="<filename>", nargs="+")


# ipset.list

grp_ipset_list = ipset_subparsers.add_parser("list", help="List commands")
grp_ipset_list.set_defaults(action="list")

ipset_list_subparsers = grp_ipset_list.add_subparsers()

# ipset.list.entries

grp_ipset_list_entries = ipset_list_subparsers.add_parser("entries",
                                                          help="List entries")
grp_ipset_list_entries.set_defaults(item="entries")


#############################################################################

# icmptype

grp_icmptype = subparsers.add_parser("icmptype", help="Icmptype commands")
grp_icmptype.set_defaults(parser="icmptype")
grp_icmptype.add_argument("icmptype", type=str, action="store",
                          metavar="<icmptype>")
grp_icmptype.add_argument("-p", "--permanent", action="store_true")

icmptype_subparsers = grp_icmptype.add_subparsers(help="Icmptype Commands")


# icmptype.load_defaults

grp_icmptype_load_defaults = icmptype_subparsers.add_parser(
    "load-defaults", help="Load defaults")
grp_icmptype_load_defaults.set_defaults(action="load-defaults")

# icmptype.add

grp_icmptype_add = icmptype_subparsers.add_parser("add", help="Add commands")
grp_icmptype_add.set_defaults(action="add")

icmptype_add_subparsers = grp_icmptype_add.add_subparsers()

# icmptype.add.destination

grp_icmptype_add_destination = icmptype_add_subparsers.add_parser(
    "destination", help="Add destination")
grp_icmptype_add_destination.set_defaults(item="destination")
grp_icmptype_add_destination.add_argument("destination",
                                          metavar="<destination>", nargs="+")


# icmptype.remove

grp_icmptype_remove = icmptype_subparsers.add_parser("remove",
                                                     help="Remove commands")
grp_icmptype_remove.set_defaults(action="remove")

icmptype_remove_subparsers = grp_icmptype_remove.add_subparsers()

# icmptype.remove.destination

grp_icmptype_remove_destination = icmptype_remove_subparsers.add_parser(
    "destination", help="Remove destination")
grp_icmptype_remove_destination.set_defaults(item="destination")
grp_icmptype_remove_destination.add_argument("destination",
                                             metavar="<destination>", nargs="+")


# icmptype.get

grp_icmptype_get = icmptype_subparsers.add_parser("get", help="Get commands")
grp_icmptype_get.set_defaults(action="get")

icmptype_get_subparsers = grp_icmptype_get.add_subparsers()

# icmptype.get.description

grp_icmptype_get_description = icmptype_get_subparsers.add_parser(
    "description", help="Get description")
grp_icmptype_get_description.set_defaults(item="description")

# icmptype.get.short

grp_icmptype_get_short = icmptype_get_subparsers.add_parser(
    "short", help="Get short")
grp_icmptype_get_short.set_defaults(item="short")


# icmptype.set

grp_icmptype_set = icmptype_subparsers.add_parser("set", help="Set commands")
grp_icmptype_set.set_defaults(action="set")

icmptype_set_subparsers = grp_icmptype_set.add_subparsers()

# icmptype.set.description

grp_icmptype_set_description = icmptype_set_subparsers.add_parser(
    "description", help="Set description")
grp_icmptype_set_description.set_defaults(item="description")
grp_icmptype_set_description.add_argument("description", metavar="<description>")

# icmptype.set.short

grp_icmptype_set_short = icmptype_set_subparsers.add_parser(
    "short", help="Set short")
grp_icmptype_set_short.set_defaults(item="short")
grp_icmptype_set_short.add_argument("short", metavar="<short>")


# icmptype.query

grp_icmptype_query = icmptype_subparsers.add_parser("query",
                                                    help="Query commands")
grp_icmptype_query.set_defaults(action="query")

icmptype_query_subparsers = grp_icmptype_query.add_subparsers()


# icmptype.query.destination

grp_icmptype_query_destination = icmptype_query_subparsers.add_parser(
    "destination", help="Query destination")
grp_icmptype_query_destination.set_defaults(item="destination")
grp_icmptype_query_destination.add_argument("destination",
                                            metavar="<destination>", nargs="+")


# icmptype.list

grp_icmptype_list = icmptype_subparsers.add_parser("list", help="List commands")
grp_icmptype_list.set_defaults(action="list")

icmptype_list_subparsers = grp_icmptype_list.add_subparsers()

# icmptype.list.destinations

grp_icmptype_list_destinations = icmptype_list_subparsers.add_parser(
    "destinations", help="List destinations")
grp_icmptype_list_destinations.set_defaults(item="destinations")

#############################################################################

# new

grp_new = subparsers.add_parser("new", help="New commands")
grp_new.set_defaults(parser="new")
grp_new.add_argument("-p", "--permanent", action="store_true")

new_subparsers = grp_new.add_subparsers(help="New Commands")

# new.zone

grp_new_zone = new_subparsers.add_parser("zone", help="New zone")
grp_new_zone.set_defaults(action="zone")
grp_new_zone.add_argument("-n", "--name", metavar="<name>")
grp_new_zone.add_argument("-f", "--filename", metavar="<filename>")

# new.service

grp_new_service = new_subparsers.add_parser("service", help="New service")
grp_new_service.set_defaults(action="service")
grp_new_service.add_argument("-n", "--name", metavar="<name>")
grp_new_service.add_argument("-f", "--filename", metavar="<filename>")

# new.ipset

grp_new_ipset = new_subparsers.add_parser("ipset", help="New ipset")
grp_new_ipset.set_defaults(action="ipset")
grp_new_ipset.add_argument("-n", "--name", metavar="<name>")
grp_new_ipset.add_argument("-f", "--filename", metavar="<filename>")
grp_new_ipset.add_argument("-t", "--type", metavar="<ipsettype>")
grp_new_ipset.add_argument("-o", "--option", metavar="<key>[=<value>]",
                           nargs="*")

#--type=<ipset type> [--option=<key>[=<value>]]..

# new.icmptype

grp_new_icmptype = new_subparsers.add_parser("icmptype", help="New icmptype")
grp_new_icmptype.set_defaults(action="icmptype")
grp_new_icmptype.add_argument("-n", "--name", metavar="<name>")
grp_new_icmptype.add_argument("-f", "--filename", metavar="<filename>")

#############################################################################

# helper

grp_helper = subparsers.add_parser("helper", help="Helper commands")
grp_helper.set_defaults(parser="helper")
grp_helper.add_argument("helper", type=str, action="store",
                          metavar="<helper>")
grp_helper.add_argument("-p", "--permanent", action="store_true")

helper_subparsers = grp_helper.add_subparsers(help="Helper Commands")


# helper.load_defaults

grp_helper_load_defaults = helper_subparsers.add_parser(
    "load-defaults", help="Load defaults")
grp_helper_load_defaults.set_defaults(action="load-defaults")

# helper.add

grp_helper_add = helper_subparsers.add_parser("add", help="Add commands")
grp_helper_add.set_defaults(action="add")

helper_add_subparsers = grp_helper_add.add_subparsers()

# helper.add.port

grp_helper_add_port = helper_add_subparsers.add_parser("port",
                                                       help="Add port")
grp_helper_add_port.set_defaults(item="port")
grp_helper_add_port.add_argument("port", metavar="<port>", nargs="+")

# helper.remove

grp_helper_remove = helper_subparsers.add_parser("remove",
                                                     help="Remove commands")
grp_helper_remove.set_defaults(action="remove")

helper_remove_subparsers = grp_helper_remove.add_subparsers()

# helper.remove.port

grp_helper_remove_port = helper_remove_subparsers.add_parser(
    "port", help="Remove port")
grp_helper_remove_port.set_defaults(item="port")
grp_helper_remove_port.add_argument("port", metavar="<port>", nargs="+")


# helper.get

grp_helper_get = helper_subparsers.add_parser("get", help="Get commands")
grp_helper_get.set_defaults(action="get")

helper_get_subparsers = grp_helper_get.add_subparsers()

# helper.get.description

grp_helper_get_description = helper_get_subparsers.add_parser(
    "description", help="Get description")
grp_helper_get_description.set_defaults(item="description")

# helper.get.family

grp_helper_get_family = helper_get_subparsers.add_parser(
    "family", help="Get family")
grp_helper_get_family.set_defaults(item="family")

# helper.get.module

grp_helper_get_module = helper_get_subparsers.add_parser(
    "module", help="Get module")
grp_helper_get_module.set_defaults(item="module")

# helper.get.short

grp_helper_get_short = helper_get_subparsers.add_parser(
    "short", help="Get short")
grp_helper_get_short.set_defaults(item="short")


# helper.set

grp_helper_set = helper_subparsers.add_parser("set", help="Set commands")
grp_helper_set.set_defaults(action="set")

helper_set_subparsers = grp_helper_set.add_subparsers()

# helper.set.description

grp_helper_set_description = helper_set_subparsers.add_parser(
    "description", help="Set description")
grp_helper_set_description.set_defaults(item="description")
grp_helper_set_description.add_argument("description", metavar="<description>")

# helper.set.family

grp_helper_set_family = helper_set_subparsers.add_parser(
    "family", help="Set family")
grp_helper_set_family.set_defaults(item="family")
grp_helper_set_family.add_argument("family", metavar="<family>")

# helper.set.module

grp_helper_set_module = helper_set_subparsers.add_parser(
    "module", help="Set module")
grp_helper_set_module.set_defaults(item="module")
grp_helper_set_module.add_argument("module", metavar="<module>")

# helper.set.short

grp_helper_set_short = helper_set_subparsers.add_parser(
    "short", help="Set short")
grp_helper_set_short.set_defaults(item="short")
grp_helper_set_short.add_argument("short", metavar="<short>")


# helper.query

grp_helper_query = helper_subparsers.add_parser("query",
                                                help="Query commands")
grp_helper_query.set_defaults(action="query")

helper_query_subparsers = grp_helper_query.add_subparsers()

# helper.query.port

grp_helper_query_port = helper_query_subparsers.add_parser("port",
                                                           help="Query port")
grp_helper_query_port.set_defaults(item="port")
grp_helper_query_port.add_argument("port", metavar="<port>", nargs="+")


# helper.list

grp_helper_list = helper_subparsers.add_parser("list", help="List commands")
grp_helper_list.set_defaults(action="list")

helper_list_subparsers = grp_helper_list.add_subparsers()

# helper.list.ports

grp_helper_list_ports = helper_list_subparsers.add_parser("ports",
                                                          help="List ports")
grp_helper_list_ports.set_defaults(item="ports")

#############################################################################

# new

grp_new = subparsers.add_parser("new", help="New commands")
grp_new.set_defaults(parser="new")
grp_new.add_argument("-p", "--permanent", action="store_true")

new_subparsers = grp_new.add_subparsers(help="New Commands")

# new.zone

grp_new_zone = new_subparsers.add_parser("zone", help="New zone")
grp_new_zone.set_defaults(action="zone")
grp_new_zone.add_argument("-n", "--name", metavar="<name>")
grp_new_zone.add_argument("-f", "--filename", metavar="<filename>")

# new.service

grp_new_service = new_subparsers.add_parser("service", help="New service")
grp_new_service.set_defaults(action="service")
grp_new_service.add_argument("-n", "--name", metavar="<name>")
grp_new_service.add_argument("-f", "--filename", metavar="<filename>")

# new.ipset

grp_new_ipset = new_subparsers.add_parser("ipset", help="New ipset")
grp_new_ipset.set_defaults(action="ipset")
grp_new_ipset.add_argument("-n", "--name", metavar="<name>")
grp_new_ipset.add_argument("-f", "--filename", metavar="<filename>")
grp_new_ipset.add_argument("-t", "--type", metavar="<ipsettype>")
grp_new_ipset.add_argument("-o", "--option", metavar="<key>[=<value>]",
                           nargs="*")

#--type=<ipset type> [--option=<key>[=<value>]]..

# new.helper

grp_new_helper = new_subparsers.add_parser("helper", help="New helper")
grp_new_helper.set_defaults(action="helper")
grp_new_helper.add_argument("-n", "--name", metavar="<name>")
grp_new_helper.add_argument("-f", "--filename", metavar="<filename>")

# new.icmptype

grp_new_icmptype = new_subparsers.add_parser("icmptype", help="New icmptype")
grp_new_icmptype.set_defaults(action="icmptype")
grp_new_icmptype.add_argument("-n", "--name", metavar="<name>")
grp_new_icmptype.add_argument("-f", "--filename", metavar="<filename>")

#############################################################################

# delete

grp_delete = subparsers.add_parser("delete", help="Delete commands")
grp_delete.set_defaults(parser="delete")
grp_delete.add_argument("-p", "--permanent", action="store_true")

delete_subparsers = grp_delete.add_subparsers(help="Delete Commands")

# delete.zone

grp_delete_zone = delete_subparsers.add_parser("zone", help="Delete zone")
grp_delete_zone.set_defaults(action="zone")
grp_delete_zone.add_argument("zone", metavar="<zone>")

# delete.service

grp_delete_service = delete_subparsers.add_parser("service",
                                                  help="Delete service")
grp_delete_service.set_defaults(action="service")
grp_delete_service.add_argument("service", metavar="<service>")

# delete.ipset

grp_delete_ipset = delete_subparsers.add_parser("ipset", help="Delete ipset")
grp_delete_ipset.set_defaults(action="ipset")
grp_delete_ipset.add_argument("ipset", metavar="<ipset>")


# delete.helper

grp_delete_helper = delete_subparsers.add_parser("helper",
                                                   help="Delete helper")
grp_delete_helper.set_defaults(action="helper")
grp_delete_helper.add_argument("helper", metavar="<helper>")

# delete.icmptype

grp_delete_icmptype = delete_subparsers.add_parser("icmptype",
                                                   help="Delete icmptype")
grp_delete_icmptype.set_defaults(action="icmptype")
grp_delete_icmptype.add_argument("icmptype", metavar="<icmptype>")

#############################################################################

# direct

grp_direct = subparsers.add_parser("direct", help="Direct commands")
grp_direct.set_defaults(parser="direct")
grp_direct.add_argument("-p", "--permanent", action="store_true")

direct_subparsers = grp_direct.add_subparsers(help="Direct Commands")


# direct.add

grp_direct_add = direct_subparsers.add_parser("add", help="Add commands")
grp_direct_add.set_defaults(action="add")

direct_add_subparsers = grp_direct_add.add_subparsers()

# direct.add.chain

grp_direct_add_chain = direct_add_subparsers.add_parser("chain",
                                                        help="Add chain")
grp_direct_add_chain.set_defaults(item="chain")
grp_direct_add_chain.add_argument(
    "chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))

# direct.add.rule

grp_direct_add_rule = direct_add_subparsers.add_parser("rule",
                                                       help="Add rule")
grp_direct_add_rule.set_defaults(item="rule")
grp_direct_add_rule.add_argument(
    "rule", nargs=argparse.REMAINDER,
    metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))

# direct.add.passthrough

grp_direct_add_passthrough = direct_add_subparsers.add_parser(
    "passthrough", help="Add passthrough")
grp_direct_add_passthrough.set_defaults(item="passthrough")
grp_direct_add_passthrough.add_argument(
    "passthrough", nargs=argparse.REMAINDER,
    metavar=("{ ipv4 | ipv6 | eb }", "<args>"))


# direct.passthrough

grp_direct_passthrough = direct_subparsers.add_parser(
    "passthrough", help="Untracked passthrough")
grp_direct_passthrough.set_defaults(action="passthrough")
grp_direct_passthrough.add_argument("passthrough", nargs=argparse.REMAINDER,
                                    metavar=("{ ipv4 | ipv6 | eb }", "<args>"))


# direct.query

grp_direct_query = direct_subparsers.add_parser("query", help="Query commands")
grp_direct_query.set_defaults(action="query")

direct_query_subparsers = grp_direct_query.add_subparsers()

# direct.query.chain

grp_direct_query_chain = direct_query_subparsers.add_parser(
    "chain", help="Query chain")
grp_direct_query_chain.set_defaults(item="chain")
grp_direct_query_chain.add_argument(
    "chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))

# direct.query.rule

grp_direct_query_rule = direct_query_subparsers.add_parser(
    "rule", help="Query rule")
grp_direct_query_rule.set_defaults(item="rule")
grp_direct_query_rule.add_argument(
    "rule", nargs=argparse.REMAINDER,
    metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))

# direct.query.passthrough

grp_direct_query_passthrough = direct_query_subparsers.add_parser(
    "passthrough", help="Query passthrough")
grp_direct_query_passthrough.set_defaults(item="passthrough")
grp_direct_query_passthrough.add_argument("passthrough",
                                          metavar="<passthrough>",
                                          nargs=argparse.REMAINDER)


# direct.remove

grp_direct_remove = direct_subparsers.add_parser("remove",
                                                 help="Remove commands")
grp_direct_remove.set_defaults(action="remove")

direct_remove_subparsers = grp_direct_remove.add_subparsers()

# direct.remove.chain

grp_direct_remove_chain = direct_remove_subparsers.add_parser(
    "chain", help="Remove chain")
grp_direct_remove_chain.set_defaults(item="chain")
grp_direct_remove_chain.add_argument(
    "chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))

# direct.remove.rule

grp_direct_remove_rule = direct_remove_subparsers.add_parser("rule",
                                                             help="Remove rule")
grp_direct_remove_rule.set_defaults(item="rule")
grp_direct_remove_rule.add_argument(
    "rule", nargs=argparse.REMAINDER,
    metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))

# direct.remove.passthrough

grp_direct_remove_passthrough = direct_remove_subparsers.add_parser(
    "passthrough", help="Remove passthrough")
grp_direct_remove_passthrough.set_defaults(item="passthrough")
grp_direct_remove_passthrough.add_argument("passthrough",
                                           metavar="<passthrough>",
                                           nargs=argparse.REMAINDER)


# direct.get

grp_direct_get = direct_subparsers.add_parser("get", help="Get commands")
grp_direct_get.set_defaults(action="get")

direct_get_subparsers = grp_direct_get.add_subparsers()

# direct.get.all-chains

grp_direct_get_all_chains = direct_get_subparsers.add_parser(
    "all-chains", help="Get all chains")
grp_direct_get_all_chains.set_defaults(item="all-chains")

# direct.get.chains

grp_direct_get_chains = direct_get_subparsers.add_parser("chains",
                                                         help="Get chains")
grp_direct_get_chains.set_defaults(item="chains")
grp_direct_get_chains.add_argument("chains", nargs=2,
                                   metavar=("{ ipv4 | ipv6 | eb }", "<table>"))

# direct.get.all-rules

grp_direct_get_all_rules = direct_get_subparsers.add_parser(
    "all-rules", help="Get all rules")
grp_direct_get_all_rules.set_defaults(item="all-rules")

# direct.get.rules

grp_direct_get_rules = direct_get_subparsers.add_parser("rules",
                                                        help="Get rules")
grp_direct_get_rules.set_defaults(item="rules")
grp_direct_get_rules.add_argument("rules", nargs=3,
                                  metavar=("{ ipv4 | ipv6 | eb }",
                                           "<table>", "<chain>"))

# direct.get.all-passthroughs

grp_direct_get_all_passthroughs = direct_get_subparsers.add_parser(
    "all-passthroughs", help="Get all passthroughs")
grp_direct_get_all_passthroughs.set_defaults(item="all-passthroughs")

# direct.get.passthroughs

grp_direct_get_passthroughs = direct_get_subparsers.add_parser(
    "passthroughs", help="Get passthroughs")
grp_direct_get_passthroughs.set_defaults(item="passthroughs")
grp_direct_get_passthroughs.add_argument("passthroughs", nargs=1,
                                         metavar=("{ ipv4 | ipv6 | eb }"))

#############################################################################

# lockdown

grp_lockdown_whitelist = subparsers.add_parser(
    "lockdown-whitelist", help="Lockdown whitelist commands")
grp_lockdown_whitelist.set_defaults(parser="lockdown-whitelist")
grp_lockdown_whitelist.add_argument("-p", "--permanent", action="store_true")

lockdown_whitelist_subparsers = grp_lockdown_whitelist.add_subparsers(
    help="Lockdown Commands")

# lockdown.whitelist.add

grp_lockdown_whitelist_add = lockdown_whitelist_subparsers.add_parser(
    "add", help="Add commands")
grp_lockdown_whitelist_add.set_defaults(action="add")

whitelist_add_subparsers = grp_lockdown_whitelist_add.add_subparsers()

# lockdown.whitelist.add.command

grp_lockdown_whitelist_add_command = whitelist_add_subparsers.add_parser(
    "command", help="Add command")
grp_lockdown_whitelist_add_command.set_defaults(item="command")
grp_lockdown_whitelist_add_command.add_argument("command", metavar="<command>",
                                                nargs="+")

# lockdown.whitelist.add.context

grp_lockdown_whitelist_add_context = whitelist_add_subparsers.add_parser(
    "context", help="Add context")
grp_lockdown_whitelist_add_context.set_defaults(item="context")
grp_lockdown_whitelist_add_context.add_argument("context", metavar="<context>",
                                                nargs="+")

# lockdown.whitelist.add.uid

grp_lockdown_whitelist_add_uid = whitelist_add_subparsers.add_parser(
    "uid", help="Add uid")
grp_lockdown_whitelist_add_uid.set_defaults(item="uid")
grp_lockdown_whitelist_add_uid.add_argument("uid", metavar="<uid>", type=int,
                                            nargs="+")

# lockdown.whitelist.add.user

grp_lockdown_whitelist_add_user = whitelist_add_subparsers.add_parser(
    "user", help="Add user")
grp_lockdown_whitelist_add_user.set_defaults(item="user")
grp_lockdown_whitelist_add_user.add_argument("user", metavar="<user>",
                                             nargs="+")


# lockdown.whitelist.query

grp_lockdown_whitelist_query = lockdown_whitelist_subparsers.add_parser(
    "query", help="Query commands")
grp_lockdown_whitelist_query.set_defaults(action="query")

whitelist_query_subparsers = grp_lockdown_whitelist_query.add_subparsers()


# lockdown.whitelist.query.command

grp_lockdown_whitelist_query_command = whitelist_query_subparsers.add_parser(
    "command", help="Query command")
grp_lockdown_whitelist_query_command.set_defaults(item="command")
grp_lockdown_whitelist_query_command.add_argument("command",
                                                  metavar="<command>",
                                                  nargs="+")

# lockdown.whitelist.query.context

grp_lockdown_whitelist_query_context = whitelist_query_subparsers.add_parser(
    "context", help="Query context")
grp_lockdown_whitelist_query_context.set_defaults(item="context")
grp_lockdown_whitelist_query_context.add_argument("context",
                                                  metavar="<context>",
                                                  nargs="+")

# lockdown.whitelist.query.uid

grp_lockdown_whitelist_query_uid = whitelist_query_subparsers.add_parser(
    "uid", help="Query uid")
grp_lockdown_whitelist_query_uid.set_defaults(item="uid")
grp_lockdown_whitelist_query_uid.add_argument("uid", metavar="<uid>", type=int,
                                              nargs="+")

# lockdown.whitelist.query.user

grp_lockdown_whitelist_query_user = whitelist_query_subparsers.add_parser(
    "user", help="Query user")
grp_lockdown_whitelist_query_user.set_defaults(item="user")
grp_lockdown_whitelist_query_user.add_argument("user", metavar="<user>",
                                               nargs="+")


# lockdown.whitelist.remove

grp_lockdown_whitelist_remove = lockdown_whitelist_subparsers.add_parser(
    "remove", help="Remove commands")
grp_lockdown_whitelist_remove.set_defaults(action="remove")

whitelist_remove_subparsers = grp_lockdown_whitelist_remove.add_subparsers()


# lockdown.whitelist.remove.command

grp_lockdown_whitelist_remove_command = whitelist_remove_subparsers.add_parser(
    "command", help="Remove command")
grp_lockdown_whitelist_remove_command.set_defaults(item="command")
grp_lockdown_whitelist_remove_command.add_argument("command",
                                                   metavar="<command>",
                                                   nargs="+")

# lockdown.whitelist.remove.context

grp_lockdown_whitelist_remove_context = whitelist_remove_subparsers.add_parser(
    "context", help="Remove context")
grp_lockdown_whitelist_remove_context.set_defaults(item="context")
grp_lockdown_whitelist_remove_context.add_argument("context",
                                                   metavar="<context>",
                                                   nargs="+")

# lockdown.whitelist.remove.uid

grp_lockdown_whitelist_remove_uid = whitelist_remove_subparsers.add_parser(
    "uid", help="Remove uid")
grp_lockdown_whitelist_remove_uid.set_defaults(item="uid")
grp_lockdown_whitelist_remove_uid.add_argument("uid", metavar="<uid>", type=int,
                                               nargs="+")

# lockdown.whitelist.remove.user

grp_lockdown_whitelist_remove_user = whitelist_remove_subparsers.add_parser(
    "user", help="Remove user")
grp_lockdown_whitelist_remove_user.set_defaults(item="user")
grp_lockdown_whitelist_remove_user.add_argument("user", metavar="<user>",
                                                nargs="+")


# lockdown.whitelist.list

grp_lockdown_whitelist_list = lockdown_whitelist_subparsers.add_parser(
    "list", help="List commands")
grp_lockdown_whitelist_list.set_defaults(action="list")

whitelist_list_subparsers = grp_lockdown_whitelist_list.add_subparsers()


# lockdown.whitelist.list.commands

grp_lockdown_whitelist_list_commands = whitelist_list_subparsers.add_parser(
    "commands", help="List commands")
grp_lockdown_whitelist_list_commands.set_defaults(item="commands")

# lockdown.whitelist.list.contexts

grp_lockdown_whitelist_list_contexts = whitelist_list_subparsers.add_parser(
    "contexts", help="List contexts")
grp_lockdown_whitelist_list_contexts.set_defaults(item="contexts")

# lockdown.whitelist.list.uids

grp_lockdown_whitelist_list_uids = whitelist_list_subparsers.add_parser(
    "uids", help="List uids")
grp_lockdown_whitelist_list_uids.set_defaults(item="uids")

# lockdown.whitelist.list.users

grp_lockdown_whitelist_list_users = whitelist_list_subparsers.add_parser(
    "users", help="List users")
grp_lockdown_whitelist_list_users.set_defaults(item="users")

#############################################################################

# config

grp_config = subparsers.add_parser("config", help="firewalld configuration")
grp_config.set_defaults(parser="config")

config_subparsers = grp_config.add_subparsers(help="Config Commands")

# config.get

grp_config_get = config_subparsers.add_parser("get", help="Get commands")
grp_config_get.set_defaults(action="get")

config_get_subparsers = grp_config_get.add_subparsers()

# config.get.default-zone

grp_config_get_default_zone = config_get_subparsers.add_parser(
    "default-zone", help="Get default zone")
grp_config_get_default_zone.set_defaults(item="default-zone")

# config.get.lockdown

grp_config_get_lockdown = config_get_subparsers.add_parser("lockdown",
                                                           help="Get lockdown")
grp_config_get_lockdown.set_defaults(item="lockdown")

# config.get.log-denied

grp_config_get_log_denied = config_get_subparsers.add_parser(
    "log-denied", help="Get log denied")
grp_config_get_log_denied.set_defaults(item="log-denied")

# config.get.panic

grp_config_get_panic = config_get_subparsers.add_parser("panic",
                                                        help="Get panic")
grp_config_get_panic.set_defaults(item="panic")

# config.list

grp_config_list = config_subparsers.add_parser("list", help="List commands")
grp_config_list.set_defaults(action="list")

# config.set

grp_config_set = config_subparsers.add_parser("set", help="Set commands")
grp_config_set.set_defaults(action="set")

config_set_subparsers = grp_config_set.add_subparsers()

# config.set.default-zone

grp_config_set_default_zone = config_set_subparsers.add_parser(
    "default-zone", help="Set default zone")
grp_config_set_default_zone.set_defaults(item="default-zone")
grp_config_set_default_zone.add_argument("default_zone", metavar="<zone>")

# config.set.lockdown

grp_config_set_lockdown = config_set_subparsers.add_parser("lockdown",
                                                           help="Set lockdown")
grp_config_set_lockdown.set_defaults(item="lockdown")
grp_config_set_lockdown.add_argument("lockdown", metavar="<lockdown>")

# config.set.log-denied

grp_config_set_log_denied = config_set_subparsers.add_parser(
    "log-denied", help="Set log denied")
grp_config_set_log_denied.set_defaults(item="log-denied")
grp_config_set_log_denied.add_argument("log_denied", metavar="<log-denied>")

# config.set.panic

grp_config_set_panic = config_set_subparsers.add_parser("panic",
                                                        help="Set panic")
grp_config_set_panic.set_defaults(item="panic")
grp_config_set_panic.add_argument("panic", metavar="<panic>")

#############################################################################

# settings

grp_settings = subparsers.add_parser("settings", help="firewalld settings")
grp_settings.set_defaults(parser="settings")

settings_subparsers = grp_settings.add_subparsers(help="Settings Commands")

# settings.get

grp_settings_get = settings_subparsers.add_parser("get", help="Get commands")
grp_settings_get.set_defaults(action="get")

settings_get_subparsers = grp_settings_get.add_subparsers()

# settings.get.BRIDGE

grp_settings_get_BRIDGE = settings_get_subparsers.add_parser(
    "BRIDGE", help="Get BRIDGE")
grp_settings_get_BRIDGE.set_defaults(item="BRIDGE")

# settings.get.CleanupOnExit

grp_settings_get_CleanupOnExit = settings_get_subparsers.add_parser(
    "CleanupOnExit", help="Get CleanupOnExit")
grp_settings_get_CleanupOnExit.set_defaults(item="CleanupOnExit")

# settings.get.IPSet

grp_settings_get_IPSet = settings_get_subparsers.add_parser(
    "IPSet", help="Get IPSet")
grp_settings_get_IPSet.set_defaults(item="IPSet")

# settings.get.IPSetTypes

grp_settings_get_IPSetTypes = settings_get_subparsers.add_parser(
    "IPSetTypes", help="Get IPSetTypes")
grp_settings_get_IPSetTypes.set_defaults(item="IPSetTypes")

# settings.get.IPv4

grp_settings_get_IPv4 = settings_get_subparsers.add_parser(
    "IPv4", help="Get IPv4")
grp_settings_get_IPv4.set_defaults(item="IPv4")

# settings.get.IPv6

grp_settings_get_IPv6 = settings_get_subparsers.add_parser(
    "IPv6", help="Get IPv6")
grp_settings_get_IPv6.set_defaults(item="IPv6")

# settings.get.IPv6_rpfilter

grp_settings_get_IPv6_rpfilter = settings_get_subparsers.add_parser(
    "IPv6_rpfilter", help="Get IPv6_rpfilter")
grp_settings_get_IPv6_rpfilter.set_defaults(item="IPv6_rpfilter")

# settings.get.MinimalMark

grp_settings_get_MinimalMark = settings_get_subparsers.add_parser(
    "MinimalMark", help="Get MinimalMark")
grp_settings_get_MinimalMark.set_defaults(item="MinimalMark")

# settings.list

grp_settings_list = settings_subparsers.add_parser("list", help="List commands")
grp_settings_list.set_defaults(action="list")

#############################################################################

args = sys.argv[1:]
if len(args) > 1 and args[0] == "direct":
    i = -1
    if (len(args) > 1 and args[1] == 'passthrough') or \
       (len(args) > 2 and args[2] == 'passthrough') or \
       (len(args) > 3 and args[3] == 'passthrough'):
        i = args.index('passthrough') + 1
    elif (len(args) > 2 and args[2] == 'rule') or \
         (len(args) > 3 and args[3] == 'rule'):
        i = args.index('rule') + 4
    # join <args> into one argument to prevent parser from parsing each iptables
    # option, because they ccould conflict with firewallctl options
    if (i > -1) and (i < len(args) - 1):
        aux_args = args[:]
        args = aux_args[:i+1] # all but not <args>
        args.append(joinArgs(aux_args[i+1:])) # add <args> as one arg

args = parser.parse_args(args)

if not hasattr(args, "parser"):
    parser.print_help()
    sys.exit(0)

# Set quiet and verbose

cmd = FirewallCommand(args.quiet, args.verbose)

def myexcepthook(exctype, value, traceback):
    cmd.exception_handler(str(value))
sys.excepthook = myexcepthook

# use firewalld

try:
    fw = FirewallClient()
except FirewallError as msg:
    code = FirewallError.get_code(str(msg))
    cmd.print_and_exit("Error: %s" % msg, code)

fw.setExceptionHandler(cmd.exception_handler)
if fw.connected == False:
    if args.parser == "state":
        cmd.print_and_exit("not running", errors.NOT_RUNNING)
    else:
        cmd.print_and_exit("FirewallD is not running", errors.NOT_RUNNING)
cmd.set_fw(fw)

# version
if args.parser == "version":
    cmd.print_and_exit(fw.get_property("version"))

# state
elif args.parser == "state":
    state = fw.get_property("state")
    if state == "RUNNING":
        cmd.print_and_exit("running")
    else:
        cmd.print_and_exit(state, errors.NOT_RUNNING)

# reload
elif args.parser == "reload":
    if args.complete:
        fw.complete_reload()
    else:
        fw.reload()

# runtime_to_permanent
elif args.parser == "runtime-to-permanent":
    fw.runtimeToPermanent()

#############################################################################

# list

elif args.parser == "list":

    if not hasattr(args, "list"):
        grp_list.print_help()
        sys.exit(0)

    if args.list == "zones":
        if args.active:
            items = fw.getActiveZones()
        elif args.permanent:
            items = fw.config().getZoneNames()
        else:
            items = fw.getZones()
        cmd.print_and_exit(" ".join(sorted(items)))

    elif args.list == "services":
        if args.permanent:
            items = fw.config().getServiceNames()
        else:
            items = fw.listServices()
        cmd.print_and_exit(" ".join(sorted(items)))

    elif args.list == "ipsets":
        if args.permanent:
            items = fw.config().getIPSetNames()
        else:
            items = fw.getIPSets()
        cmd.print_and_exit(" ".join(sorted(items)))

    elif args.list == "helpers":
        if args.permanent:
            items = fw.config().getHelperNames()
        else:
            items = fw.getHelpers()
        cmd.print_and_exit(" ".join(sorted(items)))

    elif args.list == "icmptypes":
        if args.permanent:
            items = fw.config().getIcmpTypeNames()
        else:
            items = fw.listIcmpTypes()
        cmd.print_and_exit(" ".join(sorted(items)))

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# info

elif args.parser == "info":

    if not hasattr(args, "info"):
        grp_info.print_help()
        sys.exit(0)

    if args.info == "zone":
        if args.zone != "":
            zone = args.zone
        else:
            zone = fw.getDefaultZone()
        if args.permanent:
            settings = fw.config().getZoneByName(zone).getSettings()
        else:
            settings = fw.getZoneSettings(zone)
        cmd.print_zone_info(zone, settings, True)
        sys.exit(0)

    elif args.info == "zones":
        if args.active:
            for zone in fw.getActiveZones():
                cmd.print_zone_info(zone, fw.getZoneSettings(zone))
                cmd.print_msg("")

        elif args.permanent:
            names = fw.config().getZoneNames()
            for zone in sorted(names):
                settings = fw.config().getZoneByName(zone)
                cmd.print_zone_info(zone, settings.getSettings())
                cmd.print_msg("")
        else:
            for zone in fw.getZones():
                cmd.print_zone_info(zone, fw.getZoneSettings(zone))
                cmd.print_msg("")
        sys.exit(0)

    elif args.info == "service":
        if args.permanent:
            settings = fw.config().getServiceByName(args.service).getSettings()
        else:
            settings = fw.getServiceSettings(args.service)
        cmd.print_service_info(args.service, settings)
        sys.exit(0)

    elif args.info == "services":
        if args.permanent:
            names = fw.config().getServiceNames()
            for service in sorted(names):
                settings = fw.config().getServiceByName(service)
                cmd.print_service_info(service, settings.getSettings())
                cmd.print_msg("")
        else:
            for service in fw.listServices():
                cmd.print_service_info(service, fw.getServiceSettings(service))
                cmd.print_msg("")
        sys.exit(0)

    elif args.info == "ipset":
        if args.permanent:
            settings = fw.config().getIPSetByName(args.ipset).getSettings()
        else:
            settings = fw.getIPSetSettings(args.ipset)
        cmd.print_ipset_info(args.ipset, settings)
        sys.exit(0)

    elif args.info == "ipsets":
        if args.permanent:
            names = fw.config().getIPSetNames()
            for ipset in sorted(names):
                settings = fw.config().getIPSetByName(ipset)
                cmd.print_ipset_info(ipset, settings.getSettings())
                cmd.print_msg("")
        else:
            for ipset in fw.getIPSets():
                cmd.print_ipset_info(ipset, fw.getIPSetSettings(ipset))
                cmd.print_msg("")
        sys.exit(0)

    elif args.info == "helper":
        if args.permanent:
            settings = fw.config().getHelperByName(
                args.helper).getSettings()
        else:
            settings = fw.getHelperSettings(args.helper)
        cmd.print_helper_info(args.helper, settings)
        sys.exit(0)

    elif args.info == "helpers":
        if args.permanent:
            names = fw.config().getHelperNames()
            for helper in sorted(names):
                settings = fw.config().getHelperByName(helper)
                cmd.print_helper_info(helper, settings.getSettings())
                cmd.print_msg("")
        else:
            for helper in fw.getHelpers():
                cmd.print_helper_info(helper,
                                      fw.getHelperSettings(helper))
                cmd.print_msg("")
        sys.exit(0)

    elif args.info == "icmptype":
        if args.permanent:
            settings = fw.config().getIcmpTypeByName(
                args.icmptype).getSettings()
        else:
            settings = fw.getIcmpTypeSettings(args.icmptype)
        cmd.print_icmptype_info(args.icmptype, settings)
        sys.exit(0)

    elif args.info == "icmptypes":
        if args.permanent:
            names = fw.config().getIcmpTypeNames()
            for icmptype in sorted(names):
                settings = fw.config().getIcmpTypeByName(icmptype)
                cmd.print_icmptype_info(icmptype, settings.getSettings())
                cmd.print_msg("")
        else:
            for icmptype in fw.listIcmpTypes():
                cmd.print_icmptype_info(icmptype,
                                        fw.getIcmpTypeSettings(icmptype))
                cmd.print_msg("")
        sys.exit(0)

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# zone

elif args.parser == "zone":

    if not hasattr(args, "action"):
        grp_zone.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_zone_add.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)

        if args.item == "interface":
            #interfaces = [ ]
            #for interface in args.interface:
            #    if not try_set_zone_of_interface(args.zone, interface):
            #        interfaces.append(interface)
            if args.permanent:
                interfaces = [ ]
                for interface in args.interface:
                    if not try_set_zone_of_interface(args.zone, interface):
                        interfaces.append(interface)
                cmd.add_sequence(interfaces, fw_zone.addInterface,
                                 fw_zone.queryInterface, None, "'%s'")
            else:
                #cmd.x_add_sequence(args.zone, interfaces,
                cmd.x_add_sequence(args.zone, args.interface,
                                   fw.addInterface, fw.queryInterface,
                                   None, "'%s'")

        elif args.item == "source":
            if args.permanent:
                cmd.add_sequence(args.source, fw_zone.addSource,
                                 fw_zone.querySource, cmd.parse_source, "'%s'")
            else:
                cmd.x_add_sequence(args.zone, args.source,
                                   fw.addSource, fw.querySource,
                                   cmd.parse_source, "'%s'")

        elif args.item == "service":
            if args.permanent:
                cmd.add_sequence(args.service, fw_zone.addService,
                                 fw_zone.queryService, None, "'%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.service,
                                              fw.addService, fw.queryService,
                                              None, "'%s'", args.timeout)

        elif args.item == "port":
            if args.permanent:
                cmd.add_sequence(args.port,
                                 fw_zone.addPort, fw_zone.queryPort,
                                 cmd.parse_port, "'%s/%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.port,
                                              fw.addPort, fw.queryPort,
                                              cmd.parse_port, "'%s/%s'",
                                              args.timeout)

        elif args.item == "protocol":
            if args.permanent:
                cmd.add_sequence(args.protocol,
                                 fw_zone.addProtocol, fw_zone.queryProtocol,
                                 None, "'%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.protocol,
                                              fw.addProtocol, fw.queryProtocol,
                                              None, "'%s'", args.timeout)

        elif args.item == "source-port":
            if args.permanent:
                cmd.add_sequence(args.port,
                                 fw_zone.addSourcePort,
                                 fw_zone.querySourcePort,
                                 cmd.parse_port, "'%s/%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.port,
                                              fw.addSourcePort,
                                              fw.querySourcePort,
                                              cmd.parse_port, "'%s/%s'",
                                              args.timeout)

        elif args.item == "rich-rule":
            if args.permanent:
                cmd.add_sequence(args.rich_rule, fw_zone.addRichRule,
                                 fw_zone.queryRichRule, None, "'%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.rich_rule,
                                              fw.addRichRule,
                                              fw.queryRichRule, None, "'%s'",
                                              args.timeout)

        elif args.item == "masquerade":
            if args.permanent:
                fw_zone.addMasquerade()
            else:
                fw.addMasquerade(args.zone, args.timeout)

        elif args.item == "forward-port":
            if args.permanent:
                cmd.add_sequence(args.forward_port, fw_zone.addForwardPort,
                                 fw_zone.queryForwardPort,
                                 cmd.parse_forward_port,
                                 "port=%s:proto=%s:toport=%s:toaddr=%s")
            else:
                cmd.zone_add_timeout_sequence(
                    args.zone, args.forward_port,
                    fw.addForwardPort, fw.queryForwardPort,
                    cmd.parse_forward_port,
                    "'port=%s:proto=%s:toport=%s:toaddr=%s'",
                    args.timeout)

        elif args.item == "icmp-block":
            if args.permanent:
                cmd.add_sequence(args.icmp_block, fw_zone.addIcmpBlock,
                                 fw_zone.queryIcmpBlock, None, "'%s'")
            else:
                cmd.zone_add_timeout_sequence(args.zone, args.icmp_block,
                                              fw.addIcmpBlock,
                                              fw.queryIcmpBlock,
                                              None, "'%s'", args.timeout)

        elif args.item == "icmp-block-inversion":
            if args.permanent:
                fw_zone.addIcmpBlockInversion()
            else:
                fw.addIcmpBlockInversion(args.zone)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_zone_remove.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)

        if args.item == "interface":
            #interfaces = [ ]
            #for interface in args.interface:
            #    if not try_set_zone_of_interface("", interface):
            #        interfaces.append(interface)
            if args.permanent:
                interfaces = [ ]
                for interface in args.interface:
                    if not try_set_zone_of_interface("", interface):
                        interfaces.append(interface)
                cmd.remove_sequence(interfaces, fw_zone.removeInterface,
                                    fw_zone.queryInterface, None, "'%s'")
            else:
                #cmd.x_remove_sequence(args.zone, interfaces,
                cmd.x_remove_sequence(args.zone, args.interface,
                                      fw.removeInterface, fw.queryInterface,
                                      None, "'%s'")

        elif args.item == "source":
            if args.permanent:
                cmd.remove_sequence(args.source, fw_zone.removeSource,
                                    fw_zone.querySource, cmd.parse_source,
                                    "'%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.source,
                                      fw.removeSource, fw.querySource,
                                      cmd.parse_source, "'%s'")

        elif args.item == "service":
            if args.permanent:
                cmd.remove_sequence(args.service, fw_zone.removeService,
                                    fw_zone.queryService, None, "'%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.service,
                                      fw.removeService, fw.queryService,
                                      None, "'%s'")

        elif args.item == "port":
            if args.permanent:
                cmd.remove_sequence(args.port,
                                    fw_zone.removePort, fw_zone.queryPort,
                                    cmd.parse_port, "'%s/%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.port,
                                      fw.removePort, fw.queryPort,
                                      cmd.parse_port, "'%s/%s'")

        elif args.item == "protocol":
            if args.permanent:
                cmd.remove_sequence(args.protocol,
                                    fw_zone.removeProtocol,
                                    fw_zone.queryProtocol,
                                    None, "'%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.protocol,
                                      fw.removeProtocol, fw.queryProtocol,
                                      None, "'%s'")

        elif args.item == "source-port":
            if args.permanent:
                cmd.remove_sequence(args.port,
                                    fw_zone.removeSourcePort,
                                    fw_zone.querySourcePort,
                                    cmd.parse_port, "'%s/%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.port,
                                      fw.removeSourcePort, fw.querySourcePort,
                                      cmd.parse_port, "'%s/%s'")

        elif args.item == "rich-rule":
            if args.permanent:
                cmd.remove_sequence(args.rich_rule, fw_zone.removeRichRule,
                                    fw_zone.queryRichRule, None, "'%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.rich_rule,
                                      fw.removeRichRule,
                                      fw.queryRichRule, None, "'%s'")

        elif args.item == "masquerade":
            if args.permanent:
                fw_zone.removeMasquerade()
            else:
                fw.removeMasquerade(args.zone)

        elif args.item == "forward-port":
            if args.permanent:
                cmd.remove_sequence(args.forward_port,
                                    fw_zone.removeForwardPort,
                                    fw_zone.queryForwardPort,
                                    cmd.parse_forward_port,
                                    "port=%s:proto=%s:toport=%s:toaddr=%s")
            else:
                cmd.x_remove_sequence(args.zone, args.forward_port,
                                      fw.removeForwardPort,
                                      fw.queryForwardPort,
                                      cmd.parse_forward_port,
                                      "'port=%s:proto=%s:toport=%s:toaddr=%s'")

        elif args.item == "icmp-block":
            if args.permanent:
                cmd.remove_sequence(args.icmp_block, fw_zone.removeIcmpBlock,
                                    fw_zone.queryIcmpBlock, None, "'%s'")
            else:
                cmd.x_remove_sequence(args.zone, args.icmp_block,
                                      fw.removeIcmpBlock,
                                      fw.queryIcmpBlock,
                                      None, "'%s'")

        elif args.item == "icmp-block-inversion":
            if args.permanent:
                fw_zone.removeIcmpBlockInversion()
            else:
                fw.removeIcmpBlockInversion(args.zone)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_zone_get.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)
        else:
            fw_zone = fw.getZoneSettings(args.zone)

        if args.item == "description":
            cmd.print_and_exit(fw_zone.getDescription())

        elif args.item == "short":
            cmd.print_and_exit(fw_zone.getShort())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_zone_set.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)
        else:
            cmd.fail("Not possible to alter runtime zone settings")

        if args.item == "description":
            fw_zone.setDescription(args.description)

        elif args.item == "short":
            fw_zone.setShort(args.short)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_zone_query.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)

        if args.item == "interface":
            if args.permanent:
                cmd.query_sequence(args.interface,
                                   fw_zone.queryInterface,
                                   None, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.interface,
                                     fw.queryInterface,
                                     None, "'%s'")

        elif args.item == "source":
            if args.permanent:
                cmd.query_sequence(args.source,
                                   fw_zone.querySource,
                                   cmd.parse_source, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.source,
                                     fw.querySource,
                                     cmd.parse_source, "'%s'")

        elif args.item == "service":
            if args.permanent:
                cmd.query_sequence(args.service,
                                   fw_zone.queryService,
                                   None, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.service,
                                     fw.queryService,
                                     None, "'%s'")

        elif args.item == "port":
            if args.permanent:
                cmd.query_sequence(args.port,
                                   fw_zone.queryPort,
                                   cmd.parse_port, "'%s/%s'")
            else:
                cmd.x_query_sequence(args.zone, args.port,
                                     fw.queryPort,
                                     cmd.parse_port, "'%s/%s'")

        elif args.item == "protocol":
            if args.permanent:
                cmd.query_sequence(args.protocol,
                                   fw_zone.queryProtocol,
                                   None, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.protocol,
                                     fw.queryProtocol,
                                     None, "'%s'")

        elif args.item == "source-port":
            if args.permanent:
                cmd.query_sequence(args.port,
                                   fw.querySourcePort,
                                   cmd.parse_port, "'%s/%s'")
            else:
                cmd.x_query_sequence(args.zone, args.port,
                                     fw.querySourcePort,
                                     cmd.parse_port, "'%s/%s'")

        elif args.item == "rich-rule":
            if args.permanent:
                cmd.query_sequence(args.rich_rule,
                                   fw_zone.queryRichRule, None, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.rich_rule,
                                     fw.queryRichRule, None, "'%s'")

        elif args.item == "masquerade":
            if args.permanent:
                cmd.print_query_result(fw_zone.queryMasquerade())
            else:
                cmd.print_query_result(fw.queryMasquerade(args.zone))

        elif args.item == "forward-port":
            if args.permanent:
                cmd.query_sequence(args.forward_port,
                                   fw_zone.queryForwardPort,
                                   cmd.parse_forward_port,
                                   "port=%s:proto=%s:toport=%s:toaddr=%s")
            else:
                cmd.x_query_sequence(args.zone, args.forward_port,
                                     fw.queryForwardPort,
                                     cmd.parse_forward_port,
                                     "'port=%s:proto=%s:toport=%s:toaddr=%s'")


        elif args.item == "icmp-block":
            if args.permanent:
                cmd.query_sequence(args.icmp_block,
                                   fw_zone.queryIcmpBlock, None, "'%s'")
            else:
                cmd.x_query_sequence(args.zone, args.icmp_block,
                                     fw.queryIcmpBlock,
                                     None, "'%s'")

        elif args.item == "icmp-block-inversion":
            if args.permanent:
                cmd.print_query_result(fw_zone.queryIcmpBlockInversion())
            else:
                cmd.print_query_result(fw.queryIcmpBlockInversion(args.zone))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_zone_list.print_help()
            sys.exit(0)

        if args.permanent:
            if args.zone == "":
                fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
            else:
                fw_zone = fw.config().getZoneByName(args.zone)

        if args.item == "interfaces":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_zone.getInterfaces()))
            else:
                cmd.print_and_exit(" ".join(fw.getInterfaces(args.zone)))

        elif args.item == "sources":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_zone.getSources()))
            else:
                cmd.print_and_exit(" ".join(fw.getSources(args.zone)))

        elif args.item == "services":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_zone.getServices()))
            else:
                cmd.print_and_exit(" ".join(fw.getServices(args.zone)))

        elif args.item == "ports":
            if args.permanent:
                cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                             for port in
                                             fw_zone.getPorts()]))
            else:
                cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                             for port in
                                             fw.getPorts(args.zone)]))

        elif args.item == "protocols":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_zone.getProtocols()))
            else:
                cmd.print_and_exit(" ".join(fw.getProtocols(args.zone)))

        elif args.item == "source-ports":
            if args.permanent:
                cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                             for port in
                                             fw_zone.getSourcePorts()]))
            else:
                cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                             for port in
                                             fw.getSourcePorts(args.zone)]))

        elif args.item == "rich-rules":
            if args.permanent:
                cmd.print_and_exit("\n".join(fw_zone.getRichRules()))
            else:
                cmd.print_and_exit("\n".join(fw.getRichRules(args.zone)))

        elif args.item == "forward-ports":
            if args.permanent:
                cmd.print_and_exit(
                    "\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \
                               (port, protocol, toport, toaddr) for
                               (port, protocol, toport, toaddr) in
                               fw_zone.getForwardPorts()]))
            else:
                cmd.print_and_exit(
                    "\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \
                               (port, protocol, toport, toaddr) for
                               (port, protocol, toport, toaddr) in
                               fw.getForwardPorts(args.zone)]))

        elif args.item == "icmp-blocks":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_zone.getIcmpBlocks()))
            else:
                cmd.print_and_exit(" ".join(fw.getIcmpBlocks(args.zone)))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "load-defaults":

        if args.permanent:
            fw_zone = fw.config().getZoneByName(args.zone)
            fw_zone.loadDefaults()
        else:
            cmd.fail("Not possible to load defaults in runtime")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# service

elif args.parser == "service":

    if not hasattr(args, "action"):
        grp_service.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_service_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            cmd.fail("Not possible to alter runtime service settings")

        if args.item == "port":
            cmd.add_sequence(args.port,
                             fw_service.addPort, fw_service.queryPort,
                             cmd.parse_port, "'%s/%s'")

        elif args.item == "protocol":
            cmd.add_sequence(args.protocol,
                             fw_service.addProtocol,
                             fw_service.queryProtocol,
                             None, "'%s'")

        elif args.item == "source-port":
            cmd.add_sequence(args.port,
                             fw_service.addSourcePort,
                             fw_service.querySourcePort,
                             cmd.parse_port, "'%s/%s'")

        elif args.item == "module":
            cmd.add_sequence(args.module,
                             fw_service.addModule,
                             fw_service.queryModule,
                             None, "'%s'")

        elif args.item == "destination":
            cmd.add_sequence(args.destination,
                             fw_service.setDestination,
                             fw_service.queryDestination,
                             cmd.parse_service_destination, "%s:%s")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_service_remove.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            cmd.fail("Not possible to alter runtime service settings")

        if args.item == "port":
            cmd.remove_sequence(args.port,
                                fw_service.removePort,
                                fw_service.queryPort,
                                cmd.parse_port, "'%s/%s'")

        elif args.item == "protocol":
            cmd.remove_sequence(args.protocol,
                                fw_service.removeProtocol,
                                fw_service.queryProtocol,
                                None, "'%s'")

        elif args.item == "source-port":
            cmd.remove_sequence(args.port,
                                fw_service.removeSourcePort,
                                fw_service.querySourcePort,
                                cmd.parse_port, "'%s/%s'")

        elif args.item == "module":
            cmd.remove_sequence(args.module,
                                fw_service.removeModule,
                                fw_service.queryModule,
                                None, "'%s'")

        elif args.item == "destination":
            cmd.remove_sequence(args.destination,
                                fw_service.removeDestination,
                                fw_service.queryDestination,
                                cmd.parse_service_destination, "%s:%s")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_service_get.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            fw_service = fw.getServiceSettings(args.service)

        if args.item == "description":
            cmd.print_and_exit(fw_service.getDescription())

        elif args.item == "short":
            cmd.print_and_exit(fw_service.getShort())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_service_set.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            cmd.fail("Not possible to alter runtime service settings")

        if args.item == "description":
            fw_service.setDescription(args.description)

        elif args.item == "short":
            fw_service.setShort(args.short)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_service_query.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            fw_service = fw.getServiceSettings(args.service)

        if args.item == "port":
            cmd.query_sequence(args.port,
                               fw_service.queryPort,
                               cmd.parse_port, "'%s/%s'")

        elif args.item == "protocol":
            cmd.query_sequence(args.protocol,
                               fw_service.queryProtocol,
                               None, "'%s'")

        elif args.item == "source-port":
            cmd.query_sequence(args.port,
                               fw.querySourcePort,
                               cmd.parse_port, "'%s/%s'")

        elif args.item == "module":
            cmd.query_sequence(args.module,
                               fw_service.queryModule,
                               None, "'%s'")

        elif args.item == "destination":
            cmd.query_sequence(args.destination,
                               fw_service.queryDestination,
                               cmd.parse_service_destination, "%s:%s")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_service_list.print_help()
            sys.exit(0)

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
        else:
            fw_service = fw.getServiceSettings(args.service)

        if args.item == "ports":
            cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                         for port in
                                         fw_service.getPorts()]))

        elif args.item == "protocols":
            cmd.print_and_exit(" ".join(fw_service.getProtocols()))

        elif args.item == "source-ports":
            cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                         for port in
                                         fw_service.getSourcePorts()]))

        elif args.item == "modules":
            cmd.print_and_exit(" ".join(fw_service.getModules()))

        elif args.item == "destinations":
            cmd.print_and_exit(
                " ".join(["%s:%s" % (dest[0], dest[1]) for dest in
                          fw_service.getDestinations().items()]))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "load-defaults":

        if args.permanent:
            fw_service = fw.config().getServiceByName(args.service)
            fw_service.loadDefaults()
        else:
            cmd.fail("Not possible to load defaults in runtime")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# ipset

elif args.parser == "ipset":

    if not hasattr(args, "action"):
        grp_ipset.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_ipset_add.print_help()
            sys.exit(0)

        if args.item == "entry":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                cmd.add_sequence(args.entry,
                                 fw_ipset.addEntry, fw_ipset.queryEntry,
                                 None, "'%s'")
            else:
                cmd.x_add_sequence(args.ipset, args.entry,
                                   fw.addEntry, fw.queryEntry,
                                   None, "'%s'")

        elif args.item == "entries-from-file":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                old_entries = fw_ipset.getEntries()
            else:
                old_entries = fw.getEntries(args.ipset)
            changed = False

            for filename in args.entries_from_file:
                try:
                    entries = cmd.get_ipset_entries_from_file(filename)
                except IOError as msg:
                    message = "Failed to read file '%s': %s" % (filename, msg)
                    if len(args.entries_from_file) > 1:
                        cmd.print_warning(message)
                    else:
                        cmd.print_and_exit(message)
                else:
                    entries_set = set()
                    for entry in old_entries:
                        entries_set.add(entry)
                    for entry in entries:
                        if entry not in entries_set:
                            old_entries.append(entry)
                            entries_set.add(entry)
                            changed = True
                        else:
                            cmd.print_if_verbose(
                                "Warning: ALREADY_ENABLED: %s" % entry)
            if changed:
                if args.permanent:
                    fw_ipset.setEntries(old_entries)
                else:
                    fw.setEntries(args.ipset, old_entries)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_ipset_get.print_help()
            sys.exit(0)

        if args.permanent:
            fw_ipset = fw.config().getIPSetByName(args.ipset)
        else:
            fw_ipset = fw.getIPSetSettings(args.ipset)

        if args.item == "description":
            cmd.print_and_exit(fw_ipset.getDescription())

        elif args.item == "short":
            cmd.print_and_exit(fw_ipset.getShort())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_ipset_set.print_help()
            sys.exit(0)

        if args.permanent:
            fw_ipset = fw.config().getIPSetByName(args.ipset)
        else:
            cmd.fail("Not possible to alter runtime ipset settings")

        if args.item == "description":
            fw_ipset.setDescription(args.description)

        elif args.item == "short":
            fw_ipset.setShort(args.short)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_ipset_remove.print_help()
            sys.exit(0)

        if args.item == "entry":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                cmd.remove_sequence(args.entry,
                                    fw_ipset.removeEntry, fw_ipset.queryEntry,
                                    None, "'%s'")
            else:
                cmd.x_remove_sequence(args.ipset, args.entry,
                                      fw.removeEntry, fw.queryEntry,
                                      None, "'%s'")

        elif args.item == "entries-from-file":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                old_entries = fw_ipset.getEntries()
            else:
                old_entries = fw.getEntries(args.ipset)
            changed = False

            for filename in args.entries_from_file:
                try:
                    entries = cmd.get_ipset_entries_from_file(filename)
                except IOError as msg:
                    message = "Failed to read file '%s': %s" % (filename, msg)
                    if len(args.entries_from_file) > 1:
                        cmd.print_warning(message)
                    else:
                        cmd.print_and_exit(message)
                else:
                    entries_set = set()
                    for entry in old_entries:
                        entries_set.add(entry)
                    for entry in entries:
                        if entry in entries_set:
                            old_entries.remove(entry)
                            entries_set.discard(entry)
                            changed = True
                        else:
                            cmd.print_if_verbose(
                                "Warning: NOT_ENABLED: %s" % entry)
            if changed:
                if args.permanent:
                    fw_ipset.setEntries(old_entries)
                else:
                    fw.setEntries(args.ipset, old_entries)

        elif args.item == "all":
            if args.permanent:
                fw_ipset.setEntries(args.ipset, [ ])
            else:
                fw.setEntries(args.ipset, [ ])

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_ipset_query.print_help()
            sys.exit(0)

        if args.item == "entry":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                cmd.query_sequence(args.entry,
                                   fw_ipset.queryEntry, None, "'%s'")
            else:
                cmd.x_query_sequence(args.ipset, args.entry,
                                     fw.queryEntry, None, "'%s'")

        elif args.item == "entries-from-file":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                old_entries = fw_ipset.getEntries()
            else:
                old_entries = fw.getEntries(args.ipset)
            changed = False

            for filename in args.entries_from_file:
                try:
                    entries = cmd.get_ipset_entries_from_file(filename)
                except IOError as msg:
                    message = "Failed to read file '%s': %s" % (filename, msg)
                    if len(args.entries_from_file) > 1:
                        cmd.print_warning(message)
                    else:
                        cmd.print_and_exit(message)
                else:
                    for entry in entries:
                        cmd.print_msg("%s: %s" % \
                                      (entry,
                                       ("no", "yes")[entry in old_entries]))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_ipset_list.print_help()
            sys.exit(0)

        if args.item == "entries":
            if args.permanent:
                fw_ipset = fw.config().getIPSetByName(args.ipset)
                cmd.print_and_exit("\n".join(fw_ipset.getEntries()))
            else:
                cmd.print_and_exit("\n".join(fw.getEntries(args.ipset)))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "load-defaults":

        if args.permanent:
            fw_ipset = fw.config().getIPSetByName(args.ipset)
            fw_ipset.loadDefaults()
        else:
            cmd.fail("Not possible to load defaults in runtime")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# helper

elif args.parser == "helper":

    if not hasattr(args, "action"):
        grp_helper.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_helper_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            cmd.fail("Not possible to alter runtime helper settings")

        if args.item == "port":
            cmd.add_sequence(args.port,
                             fw_helper.addPort, fw_helper.queryPort,
                             cmd.parse_port, "'%s/%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_helper_remove.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            cmd.fail("Not possible to alter runtime helper settings")

        if args.item == "port":
            cmd.remove_sequence(args.port,
                                fw_helper.removePort,
                                fw_helper.queryPort,
                                cmd.parse_port, "'%s/%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_helper_get.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            fw_helper = fw.getHelperSettings(args.helper)

        if args.item == "description":
            cmd.print_and_exit(fw_helper.getDescription())

        elif args.item == "family":
            cmd.print_and_exit(fw_helper.getFamily())

        elif args.item == "module":
            cmd.print_and_exit(fw_helper.getModule())

        elif args.item == "short":
            cmd.print_and_exit(fw_helper.getShort())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_helper_set.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            cmd.fail("Not possible to alter runtime helper settings")

        if args.item == "description":
            fw_helper.setDescription(args.description)

        elif args.item == "family":
            fw_helper.setFamily(cmd.check_helper_family(args.family))

        elif args.item == "module":
            fw_helper.setModule(cmd.check_module(args.module))

        elif args.item == "short":
            fw_helper.setShort(args.short)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_helper_query.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            fw_helper = fw.getHelperSettings(args.helper)

        if args.item == "port":
            cmd.query_sequence(args.port,
                               fw_helper.queryPort,
                               cmd.parse_port, "'%s/%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_helper_list.print_help()
            sys.exit(0)

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
        else:
            fw_helper = fw.getHelperSettings(args.helper)

        if args.item == "ports":
            cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
                                         for port in
                                         fw_helper.getPorts()]))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "load-defaults":

        if args.permanent:
            fw_helper = fw.config().getHelperByName(args.helper)
            fw_helper.loadDefaults()
        else:
            cmd.fail("Not possible to load defaults in runtime")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# icmptype

elif args.parser == "icmptype":

    if not hasattr(args, "action"):
        grp_icmptype.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_icmptype_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            cmd.fail("Not possible to alter runtime icmptype settings")

        if args.item == "destination":
            cmd.add_sequence(args.destination,
                             fw_icmptype.addDestination,
                             fw_icmptype.queryDestination,
                             cmd.check_destination_ipv, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_icmptype_remove.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            cmd.fail("Not possible to alter runtime icmptype settings")

        if args.item == "destination":
            cmd.remove_sequence(args.destination,
                                fw_icmptype.removeDestination,
                                fw_icmptype.queryDestination,
                                cmd.check_destination_ipv, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_icmptype_get.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)

        if args.item == "description":
            cmd.print_and_exit(fw_icmptype.getDescription())

        elif args.item == "short":
            cmd.print_and_exit(fw_icmptype.getShort())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_icmptype_set.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            cmd.fail("Not possible to alter runtime icmptype settings")

        if args.item == "description":
            fw_icmptype.setDescription(args.description)

        elif args.item == "short":
            fw_icmptype.setShort(args.short)

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_icmptype_query.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)

        if args.item == "destination":
            cmd.query_sequence(args.destination,
                               fw_icmptype.queryDestination,
                               cmd.check_destination_ipv, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_icmptype_list.print_help()
            sys.exit(0)

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        else:
            fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)

        if args.item == "destinations":
            items = fw_icmptype.getDestinations()
            if len(items) < 1:
                items = [ "ipv4", "ipv6" ]
            cmd.print_and_exit(" ".join(items))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "load-defaults":

        if args.permanent:
            fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
            fw_icmptype.loadDefaults()
        else:
            cmd.fail("Not possible to load defaults in runtime")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# new

elif args.parser == "new":

    if not hasattr(args, "action"):
        grp_new.print_help()
        sys.exit(0)

    if not args.permanent:
        cmd.fail("Not possible to use new in runtime environment")

    if args.action == "zone":

        if args.name is None and args.filename is None:
            cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")

        elif args.filename is not None:
            filename = os.path.basename(args.filename)
            dirname = os.path.dirname(args.filename)
            if dirname == "":
                dirname = "./"
            try:
                obj = zone_reader(filename, dirname)
            except FirewallError as msg:
                cmd.fail("Failed to load zone file '%s': %s" % \
                       (args.filename, msg))
            except IOError as msg:
                cmd.fail("Failed to load zone file: %s" % msg)

            if args.name:
                obj.name = args.name

            config = fw.config()
            config.addZone(obj.name, obj.export_config())

        else:
            config = fw.config()
            config.addZone(args.name, FirewallClientZoneSettings())


    elif args.action == "service":

        if args.name is None and args.filename is None:
            cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")

        elif args.filename is not None:
            filename = os.path.basename(args.filename)
            dirname = os.path.dirname(args.filename)
            if dirname == "":
                dirname = "./"
            try:
                obj = service_reader(filename, dirname)
            except FirewallError as msg:
                cmd.fail("Failed to load service file '%s': %s" % \
                       (args.filename, msg))
            except IOError as msg:
                cmd.fail("Failed to load service file: %s" % msg)

            if args.name:
                obj.name = args.name

            config = fw.config()
            config.addService(obj.name, obj.export_config())

        else:
            config = fw.config()
            config.addService(args.name, FirewallClientServiceSettings())


    elif args.action == "ipset":

        if args.filename is None and (args.name is None or args.type is None):
            cmd.fail("Missing option: -n <name> -t <ipsettype> | "
                     "-f <filename> [-n <name>]")

        elif args.filename is not None:
            filename = os.path.basename(args.filename)
            dirname = os.path.dirname(args.filename)
            if dirname == "":
                dirname = "./"
            try:
                obj = ipset_reader(filename, dirname)
            except FirewallError as msg:
                cmd.fail("Failed to load ipset file '%s': %s" % \
                       (args.filename, msg))
            except IOError as msg:
                cmd.fail("Failed to load ipset file: %s" % msg)

            if args.name:
                obj.name = args.name

            config = fw.config()
            config.addIPSet(obj.name, obj.export_config())

        else:
            settings = FirewallClientIPSetSettings()
            settings.setType(args.type)
            if args.option:
                for opt in args.option:
                    settings.addOption(*cmd.parse_ipset_option(opt))
            config = fw.config()
            config.addIPSet(args.name, settings)

    elif args.action == "helper":

        if args.name is None and args.filename is None:
            cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")

        elif args.filename is not None:
            filename = os.path.basename(args.filename)
            dirname = os.path.dirname(args.filename)
            if dirname == "":
                dirname = "./"
            try:
                obj = helper_reader(filename, dirname)
            except FirewallError as msg:
                cmd.fail("Failed to load helper file '%s': %s" % \
                       (args.filename, msg))
            except IOError as msg:
                cmd.fail("Failed to load helper file: %s" % msg)

            if args.name:
                obj.name = args.name

            config = fw.config()
            config.addHelper(obj.name, obj.export_config())

        else:
            config = fw.config()
            config.addHelper(args.name, FirewallClientHelperSettings())

    elif args.action == "icmptype":

        if args.name is None and args.filename is None:
            cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")

        elif args.filename is not None:
            filename = os.path.basename(args.filename)
            dirname = os.path.dirname(args.filename)
            if dirname == "":
                dirname = "./"
            try:
                obj = icmptype_reader(filename, dirname)
            except FirewallError as msg:
                cmd.fail("Failed to load icmptype file '%s': %s" % \
                       (args.filename, msg))
            except IOError as msg:
                cmd.fail("Failed to load icmptype file: %s" % msg)

            if args.name:
                obj.name = args.name

            config = fw.config()
            config.addIcmpType(obj.name, obj.export_config())

        else:
            config = fw.config()
            config.addIcmpType(args.name, FirewallClientIcmpTypeSettings())

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# delete

elif args.parser == "delete":

    if not hasattr(args, "action"):
        grp_delete.print_help()
        sys.exit(0)

    if not args.permanent:
        cmd.fail("Not possible to use delete in runtime environment")

    if args.action == "zone":

        zone = fw.config().getZoneByName(args.zone)
        zone.remove()

    elif args.action == "service":

        service = fw.config().getServiceByName(args.service)
        service.remove()

    elif args.action == "ipset":

        ipset = fw.config().getIPSetByName(args.ipset)
        ipset.remove()

    elif args.action == "helper":

        helper = fw.config().getHelperByName(args.helper)
        helper.remove()

    elif args.action == "icmptype":

        icmptype = fw.config().getIcmpTypeByName(args.icmptype)
        icmptype.remove()

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# direct

elif args.parser == "direct":

    if not hasattr(args, "action"):
        grp_direct.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_direct_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_direct = fw.config().direct()

        if args.item == "chain":
            if args.permanent:
                fw_direct.addChain(cmd.check_ipv(args.chain[0]),
                                   args.chain[1], args.chain[2])
            else:
                fw.addChain(cmd.check_ipv(args.chain[0]), args.chain[1],
                            args.chain[2])

        elif args.item == "rule":
            failure_msg = "usage: direct add rule { ipv4 | ipv6 | eb }" + \
                          " <table> <chain> <priority> <args>"
            if len(args.rule) < 5:
                cmd.fail(failure_msg)
            try:
                priority = int(args.rule[3])
            except ValueError:
                cmd.fail(failure_msg)

            if args.permanent:
                fw_direct.addRule(cmd.check_ipv(args.rule[0]), args.rule[1],
                                  args.rule[2], priority,
                                  splitArgs(args.rule[4]))

            else:
                fw.addRule(cmd.check_ipv(args.rule[0]), args.rule[1],
                           args.rule[2], priority, splitArgs(args.rule[4]))

        elif args.item == "passthrough":
            if len(args.passthrough) < 2:
                cmd.fail("usage: direct add passthrough "
                         "{ ipv4 | ipv6 | eb } <args>")

            if args.permanent:
                cmd.print_msg(
                    fw_direct.addPassthrough(cmd.check_ipv(args.passthrough[0]),
                                             splitArgs(args.passthrough[1])))
            else:
                cmd.print_msg(
                    fw.addPassthrough(cmd.check_ipv(args.passthrough[0]),
                                      splitArgs(args.passthrough[1])))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_direct_query.print_help()
            sys.exit(0)

        if args.permanent:
            fw_direct = fw.config().direct()

        if args.item == "chain":
            if args.permanent:
                cmd.print_query_result(
                    fw_direct.queryChain(cmd.check_ipv(args.chain[0]),
                                         args.chain[1], args.chain[2]))
            else:
                cmd.print_query_result(
                    fw.queryChain(cmd.check_ipv(args.chain[0]), args.chain[1],
                                  args.chain[2]))

        elif args.item == "rule":
            failure_msg = "usage: direct query rule { ipv4 | ipv6 | eb }" + \
                          " <table> <chain> <priority> <args>"
            if len(args.rule) < 5:
                cmd.fail(failure_msg)
            try:
                priority = int(args.rule[3])
            except ValueError:
                cmd.fail(failure_msg)

            if args.permanent:
                cmd.print_query_result(
                    fw_direct.queryRule(cmd.check_ipv(args.rule[0]),
                                        args.rule[1], args.rule[2], priority,
                                        splitArgs(args.rule[4])))

            else:
                cmd.print_query_result(
                    fw.queryRule(cmd.check_ipv(args.rule[0]), args.rule[1],
                                 args.rule[2], priority,
                                 splitArgs(args.rule[4])))

        elif args.item == "passthrough":
            if len(args.passthrough) < 2:
                cmd.fail("usage: direct query passthrough "
                         "{ ipv4 | ipv6 | eb } <args>")

            if args.permanent:
                cmd.print_query_result(
                    fw_direct.queryPassthrough(
                        cmd.check_ipv(args.passthrough[0]),
                        splitArgs(args.passthrough[1])))
            else:
                cmd.print_query_result(
                    fw.queryPassthrough(cmd.check_ipv(args.passthrough[0]),
                                        splitArgs(args.passthrough[1])))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_direct_remove.print_help()
            sys.exit(0)

        if args.permanent:
            fw_direct = fw.config().direct()

        if args.item == "chain":
            if args.permanent:
                fw_direct.removeChain(cmd.check_ipv(args.chain[0]),
                                      args.chain[1], args.chain[2])
            else:
                fw.removeChain(cmd.check_ipv(args.chain[0]), args.chain[1],
                               args.chain[2])

        elif args.item == "rule":
            failure_msg = "usage: direct remove rule { ipv4 | ipv6 | eb }" + \
                          " <table> <chain> <priority> <args>"
            if len(args.rule) < 5:
                cmd.fail(failure_msg)
            try:
                priority = int(args.rule[3])
            except ValueError:
                cmd.fail(failure_msg)

            if args.permanent:
                fw_direct.removeRule(cmd.check_ipv(args.rule[0]), args.rule[1],
                                     args.rule[2], priority,
                                     splitArgs(args.rule[4]))

            else:
                fw.removeRule(cmd.check_ipv(args.rule[0]), args.rule[1],
                              args.rule[2], priority, splitArgs(args.rule[4]))

        elif args.item == "passthrough":
            if len(args.passthrough) < 2:
                cmd.fail("usage: direct remove passthrough "
                         "{ ipv4 | ipv6 | eb } <args>")

            if args.permanent:
                fw_direct.removePassthrough(cmd.check_ipv(args.passthrough[0]),
                                            splitArgs(args.passthrough[1]))
            else:
                fw.removePassthrough(cmd.check_ipv(args.passthrough[0]),
                                     splitArgs(args.passthrough[1]))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "passthrough":

        if len(args.passthrough) < 2:
            cmd.fail("usage: direct passthrough { ipv4 | ipv6 | eb } <args>")
        msg = fw.passthrough(cmd.check_ipv(args.passthrough[0]),
                             splitArgs(args.passthrough[1]))
        if msg:
            sys.stdout.write(msg + "\n")

    elif args.action == "get":

        if not hasattr(args, "item"):
            grp_direct_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_direct = fw.config().direct()

        if args.item == "all-chains":
            if args.permanent:
                chains = fw_direct.getAllChains()
                for (ipv, table, chain) in chains:
                    cmd.print_msg("%s %s %s" % (ipv, table, chain))
                sys.exit(0)
            else:
                chains = fw.getAllChains()
                for (ipv, table, chain) in chains:
                    cmd.print_msg("%s %s %s" % (ipv, table, chain))
                sys.exit(0)

        if args.item == "chains":
            if args.permanent:
                cmd.print_and_exit(" ".join(fw_direct.getChains(
                    cmd.check_ipv(args.chains[0]),
                    args.chains[1])))
            else:
                cmd.print_and_exit(
                    " ".join(fw.getChains(cmd.check_ipv(args.chains[0]),
                                          args.chains[1])))

        elif args.item == "all-rules":
            if args.permanent:
                rules = fw_direct.getAllRules()
                for (ipv, table, chain, priority, rule) in rules:
                    cmd.print_msg("%s %s %s %d %s" % \
                                  (ipv, table, chain, priority,
                                   joinArgs(rule)))
                sys.exit(0)
            else:
                rules = fw.getAllRules()
                for (ipv, table, chain, priority, rule) in rules:
                    cmd.print_msg("%s %s %s %d %s" % \
                                  (ipv, table, chain, priority,
                                   joinArgs(rule)))
                sys.exit(0)

        elif args.item == "rules":
            if args.permanent:
                rules = fw_direct.getRules(cmd.check_ipv(args.rules[0]),
                                           args.rules[1], args.rules[2])
                for (priority, rule) in rules:
                    cmd.print_msg("%d %s" % (priority, joinArgs(rule)))
                sys.exit(0)
            else:
                rules = fw.getRules(cmd.check_ipv(args.rules[0]),
                                    args.rules[1], args.rules[2])
                for (priority, rule) in rules:
                    cmd.print_msg("%d %s" % (priority, joinArgs(rule)))
                sys.exit(0)

        elif args.item == "all-passthroughs":
            if args.permanent:
                for (ipv, rule) in fw_direct.getAllPassthroughs():
                    cmd.print_msg("%s %s" % (ipv, joinArgs(rule)))
                sys.exit(0)
            else:
                for (ipv, rule) in fw.getAllPassthroughs():
                    cmd.print_msg("%s %s" % (ipv, joinArgs(rule)))
                sys.exit(0)

        elif args.item == "passthroughs":
            if args.permanent:
                rules = fw_direct.getPassthroughs(cmd.check_ipv(
                    args.passthroughs[0]))
                for rule in rules:
                    cmd.print_msg(joinArgs(rule))
                sys.exit(0)
            else:
                rules = fw.getPassthroughs(cmd.check_ipv(args.passthroughs[0]))
                for rule in rules:
                    cmd.print_msg(joinArgs(rule))
                sys.exit(0)

        else:
            cmd.fail("Uncaught argument")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# lockdown

elif args.parser == "lockdown-whitelist":

    if not hasattr(args, "action"):
        grp_lockdown_whitelist.print_help()
        sys.exit(0)

    if args.action == "add":

        if not hasattr(args, "item"):
            grp_lockdown_whitelist_add.print_help()
            sys.exit(0)

        if args.permanent:
            fw_policies = fw.config().policies()
        else:
            fw_policies = fw

        if args.item == "command":
            cmd.add_sequence(args.command,
                             fw_policies.addLockdownWhitelistCommand,
                             fw_policies.queryLockdownWhitelistCommand,
                             None, "'%s'")

        elif args.item == "context":
            cmd.add_sequence(args.context,
                             fw_policies.addLockdownWhitelistContext,
                             fw_policies.queryLockdownWhitelistContext,
                             None, "'%s'")

        elif args.item == "uid":
            cmd.add_sequence(args.uid,
                             fw_policies.addLockdownWhitelistUid,
                             fw_policies.queryLockdownWhitelistUid,
                             None, "'%s'")

        elif args.item == "user":
            cmd.add_sequence(args.user,
                             fw_policies.addLockdownWhitelistUser,
                             fw_policies.queryLockdownWhitelistUser,
                             None, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "query":

        if not hasattr(args, "item"):
            grp_lockdown_whitelist_query.print_help()
            sys.exit(0)

        if args.permanent:
            fw_policies = fw.config().policies()
        else:
            fw_policies = fw

        if args.item == "command":
            cmd.query_sequence(args.command,
                               fw_policies.queryLockdownWhitelistCommand,
                               None, "'%s'")

        elif args.item == "context":
            cmd.query_sequence(args.context,
                               fw_policies.queryLockdownWhitelistContext,
                               None, "'%s'")

        elif args.item == "uid":
            cmd.query_sequence(args.uid,
                               fw_policies.queryLockdownWhitelistUid,
                               None, "'%s'")

        elif args.item == "user":
            cmd.query_sequence(args.user,
                               fw_policies.queryLockdownWhitelistUser,
                               None, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "remove":

        if not hasattr(args, "item"):
            grp_lockdown_whitelist_remove.print_help()
            sys.exit(0)

        if args.permanent:
            fw_policies = fw.config().policies()
        else:
            fw_policies = fw

        if args.item == "command":
            cmd.remove_sequence(args.command,
                                fw_policies.removeLockdownWhitelistCommand,
                                fw_policies.queryLockdownWhitelistCommand,
                                None, "'%s'")

        elif args.item == "context":
            cmd.remove_sequence(args.context,
                                fw_policies.removeLockdownWhitelistContext,
                                fw_policies.queryLockdownWhitelistContext,
                                None, "'%s'")

        elif args.item == "uid":
            cmd.remove_sequence(args.uid,
                                fw_policies.removeLockdownWhitelistUid,
                                fw_policies.queryLockdownWhitelistUid,
                                None, "'%s'")

        elif args.item == "user":
            cmd.remove_sequence(args.user,
                                fw_policies.removeLockdownWhitelistUser,
                                fw_policies.queryLockdownWhitelistUser,
                                None, "'%s'")

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        if not hasattr(args, "item"):
            grp_lockdown_whitelist_list.print_help()
            sys.exit(0)

        if args.permanent:
            fw_policies = fw.config().policies()
        else:
            fw_policies = fw

        if args.item == "commands":
            cmd.print_and_exit("\n".join(
                fw_policies.getLockdownWhitelistCommands()))

        elif args.item == "contexts":
            cmd.print_and_exit("\n".join(
                fw_policies.getLockdownWhitelistContexts()))

        elif args.item == "uids":
            cmd.print_and_exit("\n".join(map(
                str, fw_policies.getLockdownWhitelistUids())))

        elif args.item == "users":
            cmd.print_and_exit("\n".join(
                fw_policies.getLockdownWhitelistUsers()))

        else:
            cmd.fail("Uncaught argument")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# config
elif args.parser == "config":

    if not hasattr(args, "action"):
        grp_config.print_help()
        sys.exit(0)

    if args.action == "get":

        if not hasattr(args, "item"):
            grp_config_get.print_help()
            sys.exit(0)

        if args.item == "default-zone":
            cmd.print_and_exit(fw.getDefaultZone())

        elif args.item == "lockdown":
            cmd.print_query_result(fw.queryLockdown())

        elif args.item == "log-denied":
            cmd.print_and_exit(fw.getLogDenied())

        elif args.item == "panic":
            cmd.print_query_result(fw.queryPanicMode())

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        cmd.print_msg("default-zone %s" % fw.getDefaultZone())
        cmd.print_msg("lockdown     %s" % ("no", "yes")[fw.queryLockdown()])
        cmd.print_msg("log-denied   %s" % fw.getLogDenied())
        cmd.print_msg("panic        %s" % ("no", "yes")[fw.queryPanicMode()])
        sys.exit(0)

    elif args.action == "set":

        if not hasattr(args, "item"):
            grp_config_set.print_help()
            sys.exit(0)

        if args.item == "default-zone":
            fw.setDefaultZone(args.default_zone)

        elif args.item == "lockdown":
            if args.lockdown in [ "yes", "on" ]:
                fw.config().set_property("Lockdown", "yes")
                fw.enableLockdown()
            elif args.lockdown in [ "no", "off" ]:
                fw.config().set_property("Lockdown", "no")
                fw.disableLockdown()
            else:
                cmd.fail("Bad argument")

        elif args.item == "log-denied":
            fw.setLogDenied(args.log_denied)

        elif args.item == "panic":
            if args.panic in [ "yes", "on" ]:
                fw.enablePanicMode()
            elif args.panic in [ "no", "off" ]:
                fw.disablePanicMode()
            else:
                cmd.fail("Bad argument")

        else:
            cmd.fail("Uncaught argument")

    else:
        cmd.fail("Uncaught argument")

#############################################################################

# settings
elif args.parser == "settings":
    if not hasattr(args, "action"):
        grp_settings.print_help()
        sys.exit(0)

    if args.action == "get":

        if not hasattr(args, "item"):
            grp_settings_get.print_help()
            sys.exit(0)

        if args.item == "BRIDGE":
            cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])

        elif args.item == "CleanupOnExit":
            cmd.print_and_exit(fw.config().get_property(args.item))

        elif args.item == "IPSet":
            cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])

        elif args.item == "IPSetTypes":
            cmd.print_and_exit(" ".join(sorted(fw.get_property(args.item))))

        elif args.item == "IPv4":
            cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])

        elif args.item == "IPv6":
            cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])

        elif args.item == "IPv6_rpfilter":
            cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])

        elif args.item == "IndividualCalls":
            cmd.print_and_exit(fw.config().get_property(args.item))

        elif args.item == "MinimalMark":
            cmd.print_and_exit(fw.config().get_property(args.item))

        else:
            cmd.fail("Uncaught argument")

    elif args.action == "list":

        props = [ "BRIDGE", "IndividualCalls","IPSet", "IPSetTypes", "IPv4",
                  "IPv6", "IPv6_rpfilter", "CleanupOnExit", "MinimalMark" ]
        l = len(max(props, key=len))
        for x in sorted(props):
            if x in [ "CleanupOnExit", "MinimalMark", "IndividualCalls" ]:
                prop = fw.config().get_property(x)
            else:
                prop = fw.get_property(x)
            if isinstance(prop, list):
                prop = " ".join(prop)
            elif isinstance(prop, bool):
                prop = ("no", "yes")[prop]

            cmd.print_msg("%s %s" % (x.ljust(l), prop))

        sys.exit(0)

    else:
        cmd.fail("Uncaught argument")

else:
    cmd.fail("Uncaught argument")

# final success

cmd.print_and_exit("success")

Anon7 - 2022
SCDN GOK