|
@@ -223,23 +223,24 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel):
|
|
|
allow_icmp = False
|
|
|
common_action = None
|
|
|
|
|
|
- reversed_rules = list(reversed(vm.firewall.rules))
|
|
|
- last_rule = reversed_rules.pop(0)
|
|
|
+ reversed_rules = reversed(vm.firewall.rules)
|
|
|
+ last_rule = next(reversed_rules, None)
|
|
|
+
|
|
|
+ if last_rule is None:
|
|
|
+ raise FirewallModifiedOutsideError('At least one rule must exist.')
|
|
|
|
|
|
if last_rule == qubesadmin.firewall.Rule('action=accept') \
|
|
|
or last_rule == qubesadmin.firewall.Rule('action=drop'):
|
|
|
common_action = last_rule.action
|
|
|
else:
|
|
|
- FirewallModifiedOutsideError('Last rule must be either '
|
|
|
- 'drop all or accept all.')
|
|
|
+ raise FirewallModifiedOutsideError('Last rule must be either '
|
|
|
+ 'drop all or accept all.')
|
|
|
|
|
|
dns_rule = qubesadmin.firewall.Rule(None,
|
|
|
action='accept', specialtarget='dns')
|
|
|
icmp_rule = qubesadmin.firewall.Rule(None,
|
|
|
action='accept', proto='icmp')
|
|
|
- while reversed_rules:
|
|
|
- rule = reversed_rules.pop(0)
|
|
|
-
|
|
|
+ for rule in reversed_rules:
|
|
|
if rule == dns_rule:
|
|
|
allow_dns = True
|
|
|
continue
|