dom0/qubes-firewall: make protocol selection smart

This commit is contained in:
Marek Marczykowski 2012-02-27 15:46:23 +01:00
parent a0e9feef92
commit c013de4747

View File

@ -995,7 +995,10 @@ class QubesVm(object):
for rule in conf["rules"]: for rule in conf["rules"]:
# For backward compatibility # For backward compatibility
if "proto" not in rule: if "proto" not in rule:
if rule["portBegin"] is not None and rule["portBegin"] > 0:
rule["proto"] = "tcp" rule["proto"] = "tcp"
else:
rule["proto"] = "any"
element = xml.etree.ElementTree.Element( element = xml.etree.ElementTree.Element(
"rule", "rule",
address=rule["address"], address=rule["address"],
@ -1054,16 +1057,19 @@ class QubesVm(object):
else: else:
rule["netmask"] = 32 rule["netmask"] = 32
# For backward compatibility default to tcp
if rule["proto"] is None:
rule["proto"] = "tcp"
if rule["port"] is not None: if rule["port"] is not None:
rule["portBegin"] = int(rule["port"]) rule["portBegin"] = int(rule["port"])
else: else:
# backward compatibility # backward compatibility
rule["portBegin"] = 0 rule["portBegin"] = 0
# For backward compatibility
if rule["proto"] is None:
if rule["portBegin"] > 0:
rule["proto"] = "tcp"
else:
rule["proto"] = "any"
if rule["toport"] is not None: if rule["toport"] is not None:
rule["portEnd"] = int(rule["toport"]) rule["portEnd"] = int(rule["toport"])
else: else: