firewall: simplify rules handling code
Use directly rule provided by qubes core, not intermediate class QubesFirewallRuleItem. This also will improve compatibility - if no firewall changes made (but still "OK" clicked instead of "Cancel") really the same settings are saved, even if rules contains some not supported by Qubes Manager attributes.
This commit is contained in:
Marek Marczykowski-Górecki
parent
f79a1ed42e
commit
3b3846eeb5
@ -128,59 +128,22 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
|
|||||||
if checked:
|
if checked:
|
||||||
self.serviceComboBox.setEnabled(False)
|
self.serviceComboBox.setEnabled(False)
|
||||||
|
|
||||||
|
|
||||||
class QubesFirewallRuleItem(object):
|
|
||||||
def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None, protocol = "any"):
|
|
||||||
self.__address = address
|
|
||||||
self.__netmask = netmask
|
|
||||||
self.__portBegin = portBegin
|
|
||||||
self.__portEnd = portEnd
|
|
||||||
self.__protocol = protocol
|
|
||||||
|
|
||||||
@property
|
|
||||||
def address(self):
|
|
||||||
return self.__address
|
|
||||||
|
|
||||||
@property
|
|
||||||
def netmask(self):
|
|
||||||
return self.__netmask
|
|
||||||
|
|
||||||
@property
|
|
||||||
def portBegin(self):
|
|
||||||
return self.__portBegin
|
|
||||||
|
|
||||||
@property
|
|
||||||
def portEnd(self):
|
|
||||||
return self.__portEnd
|
|
||||||
|
|
||||||
@property
|
|
||||||
def protocol(self):
|
|
||||||
return self.__protocol
|
|
||||||
|
|
||||||
def hasChildren(self):
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class QubesFirewallRulesModel(QAbstractItemModel):
|
class QubesFirewallRulesModel(QAbstractItemModel):
|
||||||
def __init__(self, parent=None):
|
def __init__(self, parent=None):
|
||||||
QAbstractItemModel.__init__(self, parent)
|
QAbstractItemModel.__init__(self, parent)
|
||||||
|
|
||||||
self.__columnValues = {
|
self.__columnValues = {
|
||||||
0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \
|
0: lambda x: "*" if self.children[x]["address"] == "0.0.0.0" and
|
||||||
else self.children[x].address + ("" if self.children[x].netmask == 32 \
|
self.children[x]["netmask"] == 0 else
|
||||||
else " /{0}".format(self.children[x].netmask)),
|
self.children[x]["address"] + ("" if self.children[x][ "netmask"] == 32 else
|
||||||
1: lambda x: "any" if self.children[x].portBegin == 0 \
|
" /{0}".format(self.children[x][
|
||||||
else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \
|
"netmask"])),
|
||||||
else self.get_service_name(self.children[x].portBegin),
|
1: lambda x: "any" if self.children[x]["portBegin"] == 0 else
|
||||||
2: lambda x: self.children[x].protocol,
|
"{0}-{1}".format(self.children[x]["portBegin"], self.children[x][
|
||||||
}
|
"portEnd"]) if self.children[x]["portEnd"] is not None else \
|
||||||
self.__columnNames = {
|
self.get_service_name(self.children[x]["portBegin"]),
|
||||||
0: "Address",
|
2: lambda x: self.children[x]["proto"], }
|
||||||
1: "Service",
|
self.__columnNames = {0: "Address", 1: "Service", 2: "Protocol", }
|
||||||
2: "Protocol",
|
|
||||||
}
|
|
||||||
|
|
||||||
self.__services = list()
|
self.__services = list()
|
||||||
pattern = re.compile("(?P<name>[a-z][a-z0-9-]+)\s+(?P<port>[0-9]+)/(?P<protocol>[a-z]+)", re.IGNORECASE)
|
pattern = re.compile("(?P<name>[a-z][a-z0-9-]+)\s+(?P<port>[0-9]+)/(?P<protocol>[a-z]+)", re.IGNORECASE)
|
||||||
f = open('/etc/services', 'r')
|
f = open('/etc/services', 'r')
|
||||||
@ -198,11 +161,14 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
|
|
||||||
rev = (order == Qt.AscendingOrder)
|
rev = (order == Qt.AscendingOrder)
|
||||||
if idx==0:
|
if idx==0:
|
||||||
self.children.sort(key=attrgetter('address'), reverse = rev)
|
self.children.sort(key=lambda x: x['address'], reverse = rev)
|
||||||
if idx==1:
|
if idx==1:
|
||||||
self.children.sort(key=lambda x: self.get_service_name(x.portBegin) if x.portEnd == None else x.portBegin, reverse = rev)
|
self.children.sort(key=lambda x: self.get_service_name(x[
|
||||||
|
"portBegin"]) if x["portEnd"] == None else x["portBegin"],
|
||||||
|
reverse = rev)
|
||||||
if idx==2:
|
if idx==2:
|
||||||
self.children.sort(key=attrgetter('protocol'), reverse = rev)
|
self.children.sort(key=lambda x: x['proto'], reverse
|
||||||
|
= rev)
|
||||||
index1 = self.createIndex(0, 0)
|
index1 = self.createIndex(0, 0)
|
||||||
index2 = self.createIndex(len(self)-1, len(self.__columnValues)-1)
|
index2 = self.createIndex(len(self)-1, len(self.__columnValues)-1)
|
||||||
self.dataChanged.emit(index1, index2)
|
self.dataChanged.emit(index1, index2)
|
||||||
@ -236,9 +202,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
self.allowYumProxy = conf["allowYumProxy"]
|
self.allowYumProxy = conf["allowYumProxy"]
|
||||||
|
|
||||||
for rule in conf["rules"]:
|
for rule in conf["rules"]:
|
||||||
self.appendChild(QubesFirewallRuleItem(
|
self.appendChild(rule)
|
||||||
rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"], rule["proto"]
|
|
||||||
))
|
|
||||||
|
|
||||||
def get_vm_name(self):
|
def get_vm_name(self):
|
||||||
return self.__vm.name
|
return self.__vm.name
|
||||||
@ -257,15 +221,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
}
|
}
|
||||||
|
|
||||||
for rule in self.children:
|
for rule in self.children:
|
||||||
conf["rules"].append(
|
conf["rules"].append(rule)
|
||||||
{
|
|
||||||
"address": rule.address,
|
|
||||||
"netmask": rule.netmask,
|
|
||||||
"portBegin": rule.portBegin,
|
|
||||||
"portEnd": rule.portEnd,
|
|
||||||
"proto": rule.protocol,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
if self.fw_changed:
|
if self.fw_changed:
|
||||||
self.__vm.write_firewall_conf(conf)
|
self.__vm.write_firewall_conf(conf)
|
||||||
@ -295,7 +251,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
def hasChildren(self, index=QModelIndex()):
|
def hasChildren(self, index=QModelIndex()):
|
||||||
parentItem = index.internalPointer()
|
parentItem = index.internalPointer()
|
||||||
if parentItem is not None:
|
if parentItem is not None:
|
||||||
return parentItem.hasChildren()
|
return False
|
||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@ -323,6 +279,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
self.endInsertRows()
|
self.endInsertRows()
|
||||||
index = self.createIndex(row, 0, child)
|
index = self.createIndex(row, 0, child)
|
||||||
self.dataChanged.emit(index, index)
|
self.dataChanged.emit(index, index)
|
||||||
|
self.fw_changed = True
|
||||||
|
|
||||||
def removeChild(self, i):
|
def removeChild(self, i):
|
||||||
if i >= len(self):
|
if i >= len(self):
|
||||||
@ -333,11 +290,13 @@ class QubesFirewallRulesModel(QAbstractItemModel):
|
|||||||
self.endRemoveRows()
|
self.endRemoveRows()
|
||||||
index = self.createIndex(i, 0)
|
index = self.createIndex(i, 0)
|
||||||
self.dataChanged.emit(index, index)
|
self.dataChanged.emit(index, index)
|
||||||
|
self.fw_changed = True
|
||||||
|
|
||||||
def setChild(self, i, child):
|
def setChild(self, i, child):
|
||||||
self.children[i] = child
|
self.children[i] = child
|
||||||
index = self.createIndex(i, 0, child)
|
index = self.createIndex(i, 0, child)
|
||||||
self.dataChanged.emit(index, index)
|
self.dataChanged.emit(index, index)
|
||||||
|
self.fw_changed = True
|
||||||
|
|
||||||
def clearChildren(self):
|
def clearChildren(self):
|
||||||
self.__children = list()
|
self.__children = list()
|
||||||
|
|||||||
@ -818,7 +818,6 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
|
|||||||
def delete_rule_button_pressed(self):
|
def delete_rule_button_pressed(self):
|
||||||
for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
|
for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
|
||||||
self.fw_model.removeChild(i)
|
self.fw_model.removeChild(i)
|
||||||
self.fw_model.fw_changed = True
|
|
||||||
|
|
||||||
def run_rule_dialog(self, dialog, row = None):
|
def run_rule_dialog(self, dialog, row = None):
|
||||||
if dialog.exec_():
|
if dialog.exec_():
|
||||||
@ -846,6 +845,8 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
|
|||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
elif dialog.udp_radio.isChecked():
|
elif dialog.udp_radio.isChecked():
|
||||||
protocol = "udp"
|
protocol = "udp"
|
||||||
|
else:
|
||||||
|
protocol = "any"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
range = service.split("-", 1)
|
range = service.split("-", 1)
|
||||||
@ -861,13 +862,16 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
|
|||||||
if port2 is not None and port2 <= port:
|
if port2 is not None and port2 <= port:
|
||||||
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
|
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
|
||||||
else:
|
else:
|
||||||
item = QubesFirewallRuleItem(address, netmask, port, port2, protocol)
|
item = {"address": address,
|
||||||
|
"netmask": netmask,
|
||||||
|
"portBegin": port,
|
||||||
|
"portEnd": port2,
|
||||||
|
"proto": protocol,
|
||||||
|
}
|
||||||
if row is not None:
|
if row is not None:
|
||||||
self.fw_model.setChild(row, item)
|
self.fw_model.setChild(row, item)
|
||||||
self.fw_model.fw_changed = True
|
|
||||||
else:
|
else:
|
||||||
self.fw_model.appendChild(item)
|
self.fw_model.appendChild(item)
|
||||||
self.fw_model.fw_changed = True
|
|
||||||
else:
|
else:
|
||||||
QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
|
QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user