Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: add clone and comparing methods, missing docstrings

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2017-05-15 13:04:59 +02:00
parent 8de82f390e
commit b4ad5f0149
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
qubes/firewall.py
View File

@ -361,6 +361,7 @@ class Rule(qubes.PropertyHolder):
def __eq__(self, other): def __eq__(self, other):
return self.rule == other.rule return self.rule == other.rule
class Firewall(object): class Firewall(object):
def __init__(self, vm, load=True): def __init__(self, vm, load=True):
assert hasattr(vm, 'firewall_conf') assert hasattr(vm, 'firewall_conf')
@ -373,11 +374,32 @@ class Firewall(object):
if load: if load:
self.load() self.load()
def __eq__(self, other):
if isinstance(other, Firewall):
return self.policy == other.policy and self.rules == other.rules
return NotImplemented
def load_defaults(self): def load_defaults(self):
'''Load default firewall settings'''
self.rules = [] self.rules = []
self.policy = Action('accept') self.policy = Action('accept')
def clone(self, other):
'''Clone firewall settings from other instance.
This method discards pre-existing firewall settings.
:param other: other :py:class:`Firewall` instance
'''
self.policy = other.policy
rules = []
for rule in other.rules:
new_rule = Rule()
new_rule.clone_properties(rule)
rules.append(new_rule)
self.rules = rules
def load(self): def load(self):
'''Load firewall settings from a file'''
firewall_conf = os.path.join(self.vm.dir_path, self.vm.firewall_conf) firewall_conf = os.path.join(self.vm.dir_path, self.vm.firewall_conf)
if os.path.exists(firewall_conf): if os.path.exists(firewall_conf):
self.rules = [] self.rules = []
@ -396,6 +418,7 @@ class Firewall(object):
self.load_defaults() self.load_defaults()
def load_v1(self, xml_root): def load_v1(self, xml_root):
'''Load old (Qubes < 4.0) firewall XML format'''
policy_v1 = xml_root.get('policy') policy_v1 = xml_root.get('policy')
assert policy_v1 in ('allow', 'deny') assert policy_v1 in ('allow', 'deny')
if policy_v1 == 'allow': if policy_v1 == 'allow':
@ -426,6 +449,7 @@ class Firewall(object):
self.rules.append(rule) self.rules.append(rule)
def load_v2(self, xml_root): def load_v2(self, xml_root):
'''Load new (Qubes >= 4.0) firewall XML format'''
self.policy = Action(xml_root.findtext('policy')) self.policy = Action(xml_root.findtext('policy'))
xml_rules = xml_root.find('rules') xml_rules = xml_root.find('rules')
@ -434,6 +458,7 @@ class Firewall(object):
self.rules.append(rule) self.rules.append(rule)
def save(self): def save(self):
'''Save firewall rules to a file'''
firewall_conf = os.path.join(self.vm.dir_path, self.vm.firewall_conf) firewall_conf = os.path.join(self.vm.dir_path, self.vm.firewall_conf)
expiring_rules_present = False expiring_rules_present = False
@ -476,6 +501,11 @@ class Firewall(object):
def qdb_entries(self, addr_family=None): def qdb_entries(self, addr_family=None):
'''Return firewall settings serialized for QubesDB entries
:param addr_family: include rules only for IPv4 (4) or IPv6 (6); if
None, include both
'''
entries = { entries = {
'policy': str(self.policy) 'policy': str(self.policy)
} }