
firewall: minor improvements

Do not require ports to be specified in a rule - useful for the "any" protocol,
where ports do not make sense.
Marek Marczykowski-Górecki 10 years ago
parent
commit
242590902a
2 changed files with 5 additions and 3 deletions
  1. 3 2
      core-modules/000QubesVm.py
  2. 2 1
      qvm-tools/qvm-firewall

+ 3 - 2
core-modules/000QubesVm.py

@@ -1274,9 +1274,10 @@ class QubesVm(object):
             )
             if rule["netmask"] is not None and rule["netmask"] != 32:
                 element.set("netmask", str(rule["netmask"]))
-            if rule["portBegin"] is not None and rule["portBegin"] > 0:
+            if rule.get("portBegin", None) is not None and \
+                            rule["portBegin"] > 0:
                 element.set("port", str(rule["portBegin"]))
-            if rule["portEnd"] is not None and rule["portEnd"] > 0:
+            if rule.get("portEnd", None) is not None and rule["portEnd"] > 0:
                 element.set("toport", str(rule["portEnd"]))
             if "expire" in rule:
                 element.set("expire", str(rule["expire"]))
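Review bot: The `toport` test on the added `rule.get("portEnd", None)` line is still independent of the `port` test, so a rule dict that carries `portEnd` but no usable `portBegin` is serialised with a range end and no start, and nothing in the hunk checks that the end is not below the start or that either value is a valid port number. Since this XML is the stored firewall policy, I would tie the two together, e.g. `has_port = rule.get("portBegin") is not None and rule["portBegin"] > 0` followed by `if has_port and rule.get("portEnd") is not None and rule["portEnd"] >= rule["portBegin"]:`, and reject out-of-range values where the rule is parsed. The `netmask` test two lines up still indexes `rule["netmask"]` directly, so a rule without that key would presumably raise KeyError even though ports are now optional; `rule.get("netmask")` would make the three checks consistent. The enclosing method starts and ends outside the hunk, so how the consumer of this XML treats a lone `toport` cannot be confirmed from here.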

+ 2 - 1
qvm-tools/qvm-firewall

@@ -284,7 +284,8 @@ def main():
             print >> sys.stderr, "... or use --force-root to continue anyway."
             exit(1)
 
-    if options.do_add or options.do_del or options.set_policy or options.set_icmp or options.set_dns or options.set_yum_proxy:
+    if options.do_add or options.do_del or options.set_policy or \
+            options.set_icmp or options.set_dns or options.set_yum_proxy:
         options.do_list = False
     qvm_collection = QubesVmCollection()
     if options.do_list: