dom0/qubes-firewall: make protocol selection smart

2012-02-27 15:46:23 +01:00 · 2012-02-27 15:46:23 +01:00 · 74386d2d43
commit 74386d2d43
parent 21803c14fa
1 changed files with 11 additions and 5 deletions
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -1006,7 +1006,10 @@ class QubesVm(object):
        for rule in conf["rules"]:
            # For backward compatibility
            if "proto" not in rule:
+                if rule["portBegin"] is not None and rule["portBegin"] > 0:
                    rule["proto"] = "tcp"
+                else:
+                    rule["proto"] = "any"
            element = xml.etree.ElementTree.Element(
                    "rule",
                    address=rule["address"],
@ -1065,16 +1068,19 @@ class QubesVm(object):
                else:
                    rule["netmask"] = 32

-                # For backward compatibility default to tcp
-                if rule["proto"] is None:
-                    rule["proto"] = "tcp"
-
                if rule["port"] is not None:
                    rule["portBegin"] = int(rule["port"])
                else:
                    # backward compatibility
                    rule["portBegin"] = 0

+                # For backward compatibility
+                if rule["proto"] is None:
+                    if rule["portBegin"] > 0:
+                        rule["proto"] = "tcp"
+                    else:
+                        rule["proto"] = "any"
+
                if rule["toport"] is not None:
                    rule["portEnd"] = int(rule["toport"])
                else: