qubes/firewall: allow listing only IPv4/IPv6 rules

This will allow setting only IPv4-related rules for an IPv4 address, and
likewise only IPv6-related rules for an IPv6 address.

QubesOS/qubes-issues#1815
Marek Marczykowski-Górecki 2016-09-12 06:02:07 +02:00
parent e01f7b97d9
commit 5123f466eb
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724


@ -467,10 +467,16 @@ class Firewall(object):
"qubes-reload-firewall@%s.timer" % self.vm.name]) "qubes-reload-firewall@%s.timer" % self.vm.name])
def qdb_entries(self): def qdb_entries(self, addr_family=None):
entries = { entries = {
'policy': str(self.policy) 'policy': str(self.policy)
} }
exclude_dsttype = None
if addr_family is not None:
exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6'
for ruleno, rule in zip(itertools.count(), self.rules): for ruleno, rule in zip(itertools.count(), self.rules):
# exclude rules for another address family
if rule.dsthost and rule.dsthost.type == exclude_dsttype:
continue
entries['{:04}'.format(ruleno)] = rule.rule entries['{:04}'.format(ruleno)] = rule.rule
return entries return entries
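Review bot: The new `addr_family` parameter of `qdb_entries` is never validated: any value other than the integer 6 (for example the string `'6'`, or a typo such as 5) is silently treated as IPv4, so `dst6` rules are dropped and `dst4` rules are emitted without any error. For firewall data that silent fallback is risky, because the caller receives a plausible but wrong rule set for the address; rejecting unknown values up front, e.g. `if addr_family not in (None, 4, 6): raise ValueError('addr_family must be 4 or 6')`, makes the mistake visible. Skipped rules also leave gaps in the `'{:04}'` key sequence because `ruleno` keeps counting; whether the consumer of these entries tolerates non-contiguous numbers is not visible here and should be confirmed. A short docstring stating that `None` returns every rule and that rules without a `dsthost` are kept for both families would document the contract.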