dom0/qubes-firewall: make protocol selection smart
This commit is contained in:
Marek Marczykowski
Joanna Rutkowska
parent
21803c14fa
commit
74386d2d43
@ -1006,7 +1006,10 @@ class QubesVm(object):
|
|||||||
for rule in conf["rules"]:
|
for rule in conf["rules"]:
|
||||||
# For backward compatibility
|
# For backward compatibility
|
||||||
if "proto" not in rule:
|
if "proto" not in rule:
|
||||||
rule["proto"] = "tcp"
|
if rule["portBegin"] is not None and rule["portBegin"] > 0:
|
||||||
|
rule["proto"] = "tcp"
|
||||||
|
else:
|
||||||
|
rule["proto"] = "any"
|
||||||
element = xml.etree.ElementTree.Element(
|
element = xml.etree.ElementTree.Element(
|
||||||
"rule",
|
"rule",
|
||||||
address=rule["address"],
|
address=rule["address"],
|
||||||
@ -1065,16 +1068,19 @@ class QubesVm(object):
|
|||||||
else:
|
else:
|
||||||
rule["netmask"] = 32
|
rule["netmask"] = 32
|
||||||
|
|
||||||
# For backward compatibility default to tcp
|
|
||||||
if rule["proto"] is None:
|
|
||||||
rule["proto"] = "tcp"
|
|
||||||
|
|
||||||
if rule["port"] is not None:
|
if rule["port"] is not None:
|
||||||
rule["portBegin"] = int(rule["port"])
|
rule["portBegin"] = int(rule["port"])
|
||||||
else:
|
else:
|
||||||
# backward compatibility
|
# backward compatibility
|
||||||
rule["portBegin"] = 0
|
rule["portBegin"] = 0
|
||||||
|
|
||||||
|
# For backward compatibility
|
||||||
|
if rule["proto"] is None:
|
||||||
|
if rule["portBegin"] > 0:
|
||||||
|
rule["proto"] = "tcp"
|
||||||
|
else:
|
||||||
|
rule["proto"] = "any"
|
||||||
|
|
||||||
if rule["toport"] is not None:
|
if rule["toport"] is not None:
|
||||||
rule["portEnd"] = int(rule["toport"])
|
rule["portEnd"] = int(rule["toport"])
|
||||||
else:
|
else:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user