|
@@ -292,13 +292,28 @@ class Rule(qubes.PropertyHolder):
|
|
|
if self.icmptype:
|
|
|
self.on_set_icmptype('property-set:icmptype', 'icmptype',
|
|
|
self.icmptype, None)
|
|
|
+ # dependencies for forwarding
|
|
|
+ if self.forwardtype:
|
|
|
+ self.on_set_forwardtype('property-set:forwardtype', 'forwardtype',
|
|
|
+ self.forwardtype, None)
|
|
|
+ if self.srcports:
|
|
|
+ self.on_set_srcports('property-set:srcports', 'srcports',
|
|
|
+ self.srcports, None)
|
|
|
self.property_require('action', False, True)
|
|
|
+ if self.action is 'forward':
|
|
|
+ self.property_require('forwardtype', False, True)
|
|
|
+ self.property_require('srcports', False, True)
|
|
|
|
|
|
action = qubes.property('action',
|
|
|
type=Action,
|
|
|
order=0,
|
|
|
doc='rule action')
|
|
|
|
|
|
+ forwardtype = qubes.property('forwardtype',
|
|
|
+ type=Action,
|
|
|
+ order=0,
|
|
|
+ doc='forwarding type (\'internal\' or \'external\')')
|
|
|
+
|
|
|
proto = qubes.property('proto',
|
|
|
type=Proto,
|
|
|
default=None,
|
|
@@ -317,6 +332,12 @@ class Rule(qubes.PropertyHolder):
|
|
|
order=2,
|
|
|
doc='Destination port(s) (for \'tcp\' and \'udp\' protocol only)')
|
|
|
|
|
|
+ srcports = qubes.property('srcports',
|
|
|
+ type=DstPorts,
|
|
|
+ default=None,
|
|
|
+ order=2,
|
|
|
+ doc='Inbound port(s) (for forwarding only)')
|
|
|
+
|
|
|
icmptype = qubes.property('icmptype',
|
|
|
type=IcmpType,
|
|
|
default=None,
|
|
@@ -363,6 +384,20 @@ class Rule(qubes.PropertyHolder):
|
|
|
if newvalue not in ('icmp',):
|
|
|
self.icmptype = qubes.property.DEFAULT
|
|
|
|
|
|
+ @qubes.events.handler('property-pre-set:forwardtype')
|
|
|
+ def on_set_forwardtype(self, event, name, newvalue, oldvalue=None):
|
|
|
+ # pylint: disable=unused-argument
|
|
|
+ if self.action not 'forward':
|
|
|
+ raise ValueError(
|
|
|
+ 'forwardtype valid only for forward action')
|
|
|
+
|
|
|
+ @qubes.events.handler('property-pre-set:srcports')
|
|
|
+ def on_set_srcports(self, event, name, newvalue, oldvalue=None):
|
|
|
+ # pylint: disable=unused-argument
|
|
|
+ if self.action not 'forward':
|
|
|
+ raise ValueError(
|
|
|
+ 'srcports valid only for forward action')
|
|
|
+
|
|
|
@qubes.events.handler('property-reset:proto')
|
|
|
def on_reset_proto(self, event, name, oldvalue):
|
|
|
# pylint: disable=unused-argument
|