From 00fbfdd77aaa200eed5874b1f70d8ef9a24f8d05 Mon Sep 17 00:00:00 2001 From: Peter Gerber Date: Wed, 2 May 2018 23:54:46 +0200 Subject: [PATCH] tools/qvm-firewall: add dst4 and dst6 as synonyms for dsthost --- doc/manpages/qvm-firewall.rst | 6 ++++++ qubesadmin/tests/tools/qvm_firewall.py | 8 ++++++++ qubesadmin/tools/qvm_firewall.py | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/doc/manpages/qvm-firewall.rst b/doc/manpages/qvm-firewall.rst index 7484937..470d61e 100644 --- a/doc/manpages/qvm-firewall.rst +++ b/doc/manpages/qvm-firewall.rst @@ -66,6 +66,12 @@ further rules are not evaluated. If none of the rules match, default action Supported matches: - ``dsthost`` - destination host or network. Can be either IP address in CIDR notation, or a host name. Both IPv4 and IPv6 are supported by the rule syntax. + In order to allow reuse of ``--raw`` output, ``dst4`` and ``dst6`` are accepted + as synonyms. + + - ``dst4`` - see ``dsthost`` + + - ``dst6`` - see ``dsthost`` - ``proto`` - specific IP protocol. Supported values: ``tcp``, ``udp``, ``icmp``. diff --git a/qubesadmin/tests/tools/qvm_firewall.py b/qubesadmin/tests/tools/qvm_firewall.py index ae6f516..b1a5c44 100644 --- a/qubesadmin/tests/tools/qvm_firewall.py +++ b/qubesadmin/tests/tools/qvm_firewall.py @@ -88,6 +88,14 @@ class TC_00_RuleAction(qubesadmin.tests.QubesTestCase): None, action='accept', dsthost='127.0.0.1/32', expire=now+100)) + def test_006_dsthost_aliases(self): + ns = argparse.Namespace() + for name in ['dsthost', 'dst4', 'dst6']: + self.action(None, ns, [name + '=127.0.0.1', 'accept']) + self.assertEqual(ns.rule, + qubesadmin.firewall.Rule( + None, action='accept', dsthost='127.0.0.1/32')) + class TC_10_qvm_firewall(qubesadmin.tests.QubesTestCase): def setUp(self): diff --git a/qubesadmin/tools/qvm_firewall.py b/qubesadmin/tools/qvm_firewall.py index 53b9596..5dda174 100644 --- a/qubesadmin/tools/qvm_firewall.py +++ b/qubesadmin/tools/qvm_firewall.py 
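Review bot: In `test_006_dsthost_aliases` the `argparse.Namespace` is created once before the loop, so once the first alias has set `ns.rule` the later assertions can pass on that stale value even if the action left it unset for `dst4` or `dst6`. The indentation of the `assertEqual` is not recoverable here, but the stale state applies whether it sits inside the loop or after it. Moving `ns = argparse.Namespace()` to the first statement inside the `for` makes each alias prove itself. The `dst6` case is also exercised only with the IPv4 literal `127.0.0.1`, so no IPv6 value goes through the alias path; a case such as `'dst6=::1'` with its matching expected `Rule` would cover that.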
@@ -56,6 +56,8 @@ class RuleAction(argparse.Action): else: raise argparse.ArgumentError(None, 'invalid rule description: {}'.format(opt)) + if key in ['dst4', 'dst6']: + key = 'dsthost' if key not in allowed_opts: raise argparse.ArgumentError(None, 'Invalid rule element: {}'.format(opt)) @@ -87,6 +89,8 @@ interchangeably. Available rules: action: accept or drop + dst4 synonym for dsthost + dst6 synonym for dsthost dsthost IP, network or hostname (e.g. 10.5.3.2, 192.168.0.0/16, www.example.com, fd00::/8)
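Review bot: The rewrite `key = 'dsthost'` in `RuleAction.__call__` discards the address family the caller stated, and nothing in this hunk checks the value against it. The new test in this commit confirms the effect, since it passes `dst6=127.0.0.1` and expects an IPv4 rule. For a firewall rule it is safer to reject the argument than to install something other than what the key names: keep the original key and, once the value is parsed, compare `ipaddress.ip_network(value, strict=False).version` with 4 or 6, raising the existing `argparse.ArgumentError(None, 'Invalid rule element: {}'.format(opt))` on a mismatch. If the lenient behaviour is intended, a comment such as `# dst4/dst6 are only spellings of dsthost; the family is taken from the value` should say so. The method body starts and ends outside the hunk, so a later check may exist that is not shown here.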