firewall: check for 'qubes-firewall' feature instead of being ProxyVM

This enable better detection whether firewall settings will really be
respected.

Fixes QubesOS/qubes-issues#2003
This commit is contained in:
Marek Marczykowski-Górecki 2017-07-16 10:50:07 +02:00
parent 576299afea
commit 402f1db80d
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
2 changed files with 9 additions and 13 deletions

View File

@ -383,13 +383,6 @@ class QubesFirewallRulesModel(QAbstractItemModel):
if self.fw_changed:
self.write_firewall_conf(self.__vm, conf)
if self.__vm.is_running():
vm = self.__vm.netvm
while vm is not None:
if vm.is_proxyvm() and vm.is_running():
vm.write_iptables_qubesdb_entry()
vm = vm.netvm
def index(self, row, column, parent=QModelIndex()):
if not self.hasIndex(row, column, parent):
return QModelIndex()

View File

@ -200,14 +200,17 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
def current_tab_changed(self, idx):
if idx == self.tabs_indices["firewall"]:
if self.vm.netvm is not None and not self.vm.netvm.is_proxyvm():
netvm = self.vm.netvm
if netvm is not None and \
not netvm.features.check_with_template('qubes-firewall', False):
QMessageBox.warning(None,
self.tr("VM configuration problem!"),
self.tr("The '{vm}' AppVM is not network connected to a "
"FirewallVM!<p>"
"You may edit the '{vm}' VM firewall rules, but these "
"will not take any effect until you connect it to "
"a working Firewall VM.").format(vm=self.vm.name))
self.tr("The '{vm}' AppVM is network connected to "
"'{netvm}', which does not support firewall!<br/>"
"You may edit the '{vm}' VM firewall rules, but these "
"will not take any effect until you connect it to "
"a working Firewall VM.").format(
vm=self.vm.name, netvm=netvm.name))
######### basic tab