Support for forwardtype and srcports in qubesdb, define dproperty dependecies and basic checks

2021-06-22 19:33:30 +02:00 · 2021-06-22 19:33:30 +02:00 · dc615dae7f
commit dc615dae7f
parent a366eec201
1 changed files with 35 additions and 0 deletions
--- a/qubes/firewall.py
+++ b/qubes/firewall.py
@ -292,13 +292,28 @@ class Rule(qubes.PropertyHolder):
        if self.icmptype:
            self.on_set_icmptype('property-set:icmptype', 'icmptype',
                self.icmptype, None)
+        # dependencies for forwarding
+        if self.forwardtype:
+            self.on_set_forwardtype('property-set:forwardtype', 'forwardtype',
+                self.forwardtype, None)
+        if self.srcports:
+            self.on_set_srcports('property-set:srcports', 'srcports',
+                self.srcports, None)
        self.property_require('action', False, True)
+        if self.action is 'forward':
+            self.property_require('forwardtype', False, True)
+            self.property_require('srcports', False, True)

    action = qubes.property('action',
        type=Action,
        order=0,
        doc='rule action')

+    forwardtype = qubes.property('forwardtype',
+        type=Action,
+        order=0,
+        doc='forwarding type (\'internal\' or \'external\')')
+
    proto = qubes.property('proto',
        type=Proto,
        default=None,
@ -317,6 +332,12 @@ class Rule(qubes.PropertyHolder):
        order=2,
        doc='Destination port(s) (for \'tcp\' and \'udp\' protocol only)')

+    srcports = qubes.property('srcports',
+        type=DstPorts,
+        default=None,
+        order=2,
+        doc='Inbound port(s) (for forwarding only)')
+
    icmptype = qubes.property('icmptype',
        type=IcmpType,
        default=None,
@ -363,6 +384,20 @@ class Rule(qubes.PropertyHolder):
        if newvalue not in ('icmp',):
            self.icmptype = qubes.property.DEFAULT

+    @qubes.events.handler('property-pre-set:forwardtype')
+    def on_set_forwardtype(self, event, name, newvalue, oldvalue=None):
+        # pylint: disable=unused-argument
+        if self.action not 'forward':
+            raise ValueError(
+                'forwardtype valid only for forward action')
+
+    @qubes.events.handler('property-pre-set:srcports')
+    def on_set_srcports(self, event, name, newvalue, oldvalue=None):
+        # pylint: disable=unused-argument
+        if self.action not 'forward':
+            raise ValueError(
+                'srcports valid only for forward action')
+
    @qubes.events.handler('property-reset:proto')
    def on_reset_proto(self, event, name, oldvalue):
        # pylint: disable=unused-argument