Added separation between external/internal in qdb_forward_entries

2021-06-29 13:15:14 +02:00 · 2021-06-29 13:15:14 +02:00 · 99ea8dddbe
commit 99ea8dddbe
parent 893d3f1a8e
1 changed files with 10 additions and 2 deletions
--- a/qubes/firewall.py
+++ b/qubes/firewall.py
@ -694,7 +694,10 @@ class Firewall:
        directly separate forwarding rules from standard rules since they need
        to be handled differently later.
        '''
-        entries = {}
+        entries = {
+            "internal": [],
+            "external": []
+        }
        if addr_family is not None:
            exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6'
        for ruleno, rule in zip(itertools.count(), self.rules):
@ -706,5 +709,10 @@ class Firewall:
            # include only forwarding rules
            if rule.action != "forward":
                continue
-            entries['{:04}'.format(ruleno)] = rule.rule
+            if rule.forwardtype == "internal":
+                entries["internal"]['{:04}'.format(ruleno)] = rule.rule
+            elif rule.forwardype == "external":
+                entries["external"]['{:04}'.format(ruleno)] = rule.rule
+            else:
+                raise ValueError('invalid forwardtype for rule')
        return entries