firewall: minor improvements

Do not require ports specified in rule - useful for "any" protocol where ports doesn't have sense.
2014-03-28 02:55:35 +01:00 · 2014-03-28 02:55:35 +01:00 · 242590902a
commit 242590902a
parent e90e1c62ec
2 changed files with 5 additions and 3 deletions
--- a/core-modules/000QubesVm.py
+++ b/core-modules/000QubesVm.py
@ -1274,9 +1274,10 @@ class QubesVm(object):
            )
            if rule["netmask"] is not None and rule["netmask"] != 32:
                element.set("netmask", str(rule["netmask"]))
-            if rule["portBegin"] is not None and rule["portBegin"] > 0:
+            if rule.get("portBegin", None) is not None and \
+                            rule["portBegin"] > 0:
                element.set("port", str(rule["portBegin"]))
-            if rule["portEnd"] is not None and rule["portEnd"] > 0:
+            if rule.get("portEnd", None) is not None and rule["portEnd"] > 0:
                element.set("toport", str(rule["portEnd"]))
            if "expire" in rule:
                element.set("expire", str(rule["expire"]))
--- a/qvm-tools/qvm-firewall
+++ b/qvm-tools/qvm-firewall
@ -284,7 +284,8 @@ def main():
            print >> sys.stderr, "... or use --force-root to continue anyway."
            exit(1)

-    if options.do_add or options.do_del or options.set_policy or options.set_icmp or options.set_dns or options.set_yum_proxy:
+    if options.do_add or options.do_del or options.set_policy or \
+            options.set_icmp or options.set_dns or options.set_yum_proxy:
        options.do_list = False
    qvm_collection = QubesVmCollection()
    if options.do_list: