Reverting part of 887518ce on Sunil's advice:
An assumption made for the sake of simple API is that all
externally available services are also available internally. They
are not mutually exclusive.
Your change will enable a service only if it is not externally
available. For example, HTTPS is externally available. It will no
longer be made internally available. Which is not right.
We should either revert this line or introduce a way to mark all
the services as internal as well and write code handle that
properly.
This replaces the /etc/init.d/(freedombox-)proxy script
that enables masquerading traffic from internal interface
using and external interface. It makes the same assumptions
about the nature of network interfaces as the proxy script.
FirewallD automatcially takes care of loading masquerading
modules, enabling kernel parameter for forwarding and
allowing masquerading using external interfaces.
- Ports are allowed in default zone as soon as a service is enabled
- Ports are disabled when all services depending on the port are disabled
- Shows current enabled state of services and their each of thier ports
- Basic information about each service is available for consumers
- Information about whether service is enabled or disabled is available
- Interested parties may listen to enabling/disabling of a service
- Information about some core services are made available
- Add license header
- Fix pylint, pep8 and pyflakes warnings and errors
- Fix incorrect use of gettext._()
- Don't store hostname and timezone in Plinth storage. Instead use
values from probing the system
- Don't use exec()
- Other minor refactorings
- contract module has not see a release since 2010
- Corresponding PEP has been deferred
- python-contract module in Debian is orphaned
- We are only using contract module in one method of one module
- That can be replaced with one line of check instead of depending on an
entire module
- The code using contract module does not work
- There is already replacement one line code that is actually working
