dom0/qubes-firewall: make protocol selection smart

2012-02-27 15:46:23 +01:00 · 2012-02-27 15:46:23 +01:00 · c013de4747
commit c013de4747
parent a0e9feef92
1 changed files with 11 additions and 5 deletions
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -995,7 +995,10 @@ class QubesVm(object):
        for rule in conf["rules"]:
            # For backward compatibility
            if "proto" not in rule:
-                rule["proto"] = "tcp"
+                if rule["portBegin"] is not None and rule["portBegin"] > 0:
+                    rule["proto"] = "tcp"
+                else:
+                    rule["proto"] = "any"
            element = xml.etree.ElementTree.Element(
                    "rule",
                    address=rule["address"],
@ -1054,16 +1057,19 @@ class QubesVm(object):
                else:
                    rule["netmask"] = 32

-                # For backward compatibility default to tcp
-                if rule["proto"] is None:
-                    rule["proto"] = "tcp"
-
                if rule["port"] is not None:
                    rule["portBegin"] = int(rule["port"])
                else:
                    # backward compatibility
                    rule["portBegin"] = 0

+                # For backward compatibility
+                if rule["proto"] is None:
+                    if rule["portBegin"] > 0:
+                        rule["proto"] = "tcp"
+                    else:
+                        rule["proto"] = "any"
+
                if rule["toport"] is not None:
                    rule["portEnd"] = int(rule["toport"])
                else: