Settings window: do not crash when there is no firewall rule
When all firewall rules are removed, qubes-vm-settings crashed
trying to check if the last rule accepts or drops all packages.
It is now verifies that there is a last rule.
Also, it is now properly verified that the last rule accept
or drops all packages.
Associated stack trace:
----
line: last_rule = reversed_rules.pop(0)
func: get_firewall_conf
line no.: 227
file: /usr/lib/python3.5/site-packages/qubesmanager/firewall.py
----
line: conf = self.get_firewall_conf(vm)
func: set_vm
line no.: 308
file: /usr/lib/python3.5/site-packages/qubesmanager/firewall.py
----
line: model.set_vm(vm)
func: __init__
line no.: 111
file: /usr/lib/python3.5/site-packages/qubesmanager/settings.py
----
line: settings_window = VMSettingsWindow(vm, qapp, args.tab)
func: main
line no.: 1133
file: /usr/lib/python3.5/site-packages/qubesmanager/settings.py
----
line: load_entry_point('qubesmanager==4.0.17', 'console_scripts', 'qubes-vm-settings')()
func: <module>
line no.: 9
file: /usr/bin/qubes-vm-settings
This commit is contained in:
Peter Gerber
parent
3ec089f827
commit
031ad02ff6
@ -223,23 +223,24 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel):
|
|||||||
allow_icmp = False
|
allow_icmp = False
|
||||||
common_action = None
|
common_action = None
|
||||||
|
|
||||||
reversed_rules = list(reversed(vm.firewall.rules))
|
reversed_rules = reversed(vm.firewall.rules)
|
||||||
last_rule = reversed_rules.pop(0)
|
last_rule = next(reversed_rules, None)
|
||||||
|
|
||||||
|
if last_rule is None:
|
||||||
|
raise FirewallModifiedOutsideError('At least one rule must exist.')
|
||||||
|
|
||||||
if last_rule == qubesadmin.firewall.Rule('action=accept') \
|
if last_rule == qubesadmin.firewall.Rule('action=accept') \
|
||||||
or last_rule == qubesadmin.firewall.Rule('action=drop'):
|
or last_rule == qubesadmin.firewall.Rule('action=drop'):
|
||||||
common_action = last_rule.action
|
common_action = last_rule.action
|
||||||
else:
|
else:
|
||||||
FirewallModifiedOutsideError('Last rule must be either '
|
raise FirewallModifiedOutsideError('Last rule must be either '
|
||||||
'drop all or accept all.')
|
'drop all or accept all.')
|
||||||
|
|
||||||
dns_rule = qubesadmin.firewall.Rule(None,
|
dns_rule = qubesadmin.firewall.Rule(None,
|
||||||
action='accept', specialtarget='dns')
|
action='accept', specialtarget='dns')
|
||||||
icmp_rule = qubesadmin.firewall.Rule(None,
|
icmp_rule = qubesadmin.firewall.Rule(None,
|
||||||
action='accept', proto='icmp')
|
action='accept', proto='icmp')
|
||||||
while reversed_rules:
|
for rule in reversed_rules:
|
||||||
rule = reversed_rules.pop(0)
|
|
||||||
|
|
||||||
if rule == dns_rule:
|
if rule == dns_rule:
|
||||||
allow_dns = True
|
allow_dns = True
|
||||||
continue
|
continue
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user