firewall: check for 'qubes-firewall' feature instead of being ProxyVM

This enable better detection whether firewall settings will really be respected. Fixes QubesOS/qubes-issues#2003
2017-07-16 10:50:07 +02:00 · 2017-07-16 10:50:07 +02:00 · 402f1db80d
commit 402f1db80d
parent 576299afea
2 changed files with 9 additions and 13 deletions
--- a/qubesmanager/firewall.py
+++ b/qubesmanager/firewall.py
@ -383,13 +383,6 @@ class QubesFirewallRulesModel(QAbstractItemModel):
        if self.fw_changed:
            self.write_firewall_conf(self.__vm, conf)
            if self.__vm.is_running():
                vm = self.__vm.netvm
                while vm is not None:
                    if vm.is_proxyvm() and vm.is_running():
                        vm.write_iptables_qubesdb_entry()
                    vm = vm.netvm
    def index(self, row, column, parent=QModelIndex()):
        if not self.hasIndex(row, column, parent):
            return QModelIndex()
--- a/qubesmanager/settings.py
+++ b/qubesmanager/settings.py
@ -200,14 +200,17 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
    def current_tab_changed(self, idx):
        if idx == self.tabs_indices["firewall"]:
-            if self.vm.netvm is not None and not self.vm.netvm.is_proxyvm():
+            netvm = self.vm.netvm
            if netvm is not None and \
                    not netvm.features.check_with_template('qubes-firewall', False):
                QMessageBox.warning(None,
                    self.tr("VM configuration problem!"),
-                    self.tr("The '{vm}' AppVM is not network connected to a "
+                    self.tr("The '{vm}' AppVM is network connected to "
-                    "FirewallVM!<p>"
+                        "'{netvm}', which does not support firewall!<br/>"
-                    "You may edit the '{vm}' VM firewall rules, but these "
+                        "You may edit the '{vm}' VM firewall rules, but these "
-                    "will not take any effect until you connect it to "
+                        "will not take any effect until you connect it to "
-                    "a working Firewall VM.").format(vm=self.vm.name))
+                        "a working Firewall VM.").format(
                            vm=self.vm.name, netvm=netvm.name))
    ######### basic tab