Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: minor improvements

Browse Source 
Do not require ports specified in rule - useful for "any" protocol where
ports doesn't have sense.
This commit is contained in:
Marek Marczykowski-Górecki 2014-03-28 02:55:35 +01:00
parent e90e1c62ec
commit 242590902a
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core-modules/000QubesVm.py
View File

@ -1274,9 +1274,10 @@ class QubesVm(object):
) )
if rule["netmask"] is not None and rule["netmask"] != 32: if rule["netmask"] is not None and rule["netmask"] != 32:
element.set("netmask", str(rule["netmask"])) element.set("netmask", str(rule["netmask"]))
if rule["portBegin"] is not None and rule["portBegin"] > 0: if rule.get("portBegin", None) is not None and \
rule["portBegin"] > 0:
element.set("port", str(rule["portBegin"])) element.set("port", str(rule["portBegin"]))
if rule["portEnd"] is not None and rule["portEnd"] > 0: if rule.get("portEnd", None) is not None and rule["portEnd"] > 0:
element.set("toport", str(rule["portEnd"])) element.set("toport", str(rule["portEnd"]))
if "expire" in rule: if "expire" in rule:
element.set("expire", str(rule["expire"])) element.set("expire", str(rule["expire"]))

3
qvm-tools/qvm-firewall
View File

@ -284,7 +284,8 @@ def main():
print >> sys.stderr, "... or use --force-root to continue anyway." print >> sys.stderr, "... or use --force-root to continue anyway."
exit(1) exit(1)
if options.do_add or options.do_del or options.set_policy or options.set_icmp or options.set_dns or options.set_yum_proxy: if options.do_add or options.do_del or options.set_policy or \
options.set_icmp or options.set_dns or options.set_yum_proxy:
options.do_list = False options.do_list = False
qvm_collection = QubesVmCollection() qvm_collection = QubesVmCollection()
if options.do_list: if options.do_list: