diff --git a/qubesmanager/firewall.py b/qubesmanager/firewall.py
index ca79f07..7f5a6d5 100644
--- a/qubesmanager/firewall.py
+++ b/qubesmanager/firewall.py
@@ -26,6 +26,7 @@ import xml.etree.ElementTree
from PyQt4.QtCore import *
from PyQt4.QtGui import *
+import datetime
from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException
@@ -200,17 +201,23 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.allowDns = conf["allowDns"]
self.allowIcmp = conf["allowIcmp"]
self.allowYumProxy = conf["allowYumProxy"]
+ self.tempFullAccessExpireTime = 0
for rule in conf["rules"]:
self.appendChild(rule)
+ if "expire" in rule and rule["address"] == "0.0.0.0":
+ self.tempFullAccessExpireTime = rule["expire"]
def get_vm_name(self):
return self.__vm.name
- def apply_rules(self, allow, dns, icmp, yumproxy):
+ def apply_rules(self, allow, dns, icmp, yumproxy, tempFullAccess=False,
+ tempFullAccessTime=None):
assert self.__vm is not None
- if(self.allow != allow or self.allowDns != dns or self.allowIcmp != icmp or self.allowYumProxy != yumproxy):
+ if self.allow != allow or self.allowDns != dns or \
+ self.allowIcmp != icmp or self.allowYumProxy != yumproxy or \
+ (self.tempFullAccessExpireTime != 0) != tempFullAccess:
self.fw_changed = True
conf = { "allow": allow,
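Review bot: The load-time check `"expire" in rule and rule["address"] == "0.0.0.0"` in the rules loop is looser than the match apply_rules uses later in this commit, which also requires `rule["netmask"] == 0` and `rule["proto"] == "any"`, so an expiring rule for a single protocol would be presented as temporary full access. It also never compares `rule["expire"]` with the current time, so an entry that has already lapsed still leaves `tempFullAccessExpireTime` non-zero. I would use the same four-field test in both places and record the expiry only when it is in the future. Separately, the added term `(self.tempFullAccessExpireTime != 0) != tempFullAccess` detects only toggling; in the lines shown, a changed duration alone does not set `fw_changed`. Both method bodies continue outside the hunk.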
@@ -221,8 +228,25 @@ class QubesFirewallRulesModel(QAbstractItemModel):
}
for rule in self.children:
+ if "expire" in rule and rule["address"] == "0.0.0.0" and \
+ rule["netmask"] == 0 and rule["proto"] == "any":
+ # rule already present, update its time
+ if tempFullAccess:
+ rule["expire"] = \
+ int(datetime.datetime.now().strftime("%s")) + \
+ tempFullAccessTime*60
+ tempFullAccess = False
conf["rules"].append(rule)
+ if tempFullAccess and not allow:
+ conf["rules"].append({"address": "0.0.0.0",
+ "netmask": 0,
+ "proto": "any",
+ "expire": int(
+ datetime.datetime.now().strftime("%s"))+\
+ tempFullAccessTime*60
+ })
+
if self.fw_changed:
self.__vm.write_firewall_conf(conf)
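Review bot: Unchecking the option does not appear to revoke the grant: in the `for rule in self.children` loop the matching expiring rule still reaches `conf["rules"].append(rule)` when `tempFullAccess` is false, so the allow-all entry is written back and stays in force until it expires (indentation is lost on this page, so the nesting of `tempFullAccess = False` is inferred). If unchecking is meant to end full access, the loop should skip that rule instead of carrying it over, as sketched below. `tempFullAccessTime` defaults to None, so a caller passing `tempFullAccess=True` without a time gets a TypeError at `tempFullAccessTime*60`; an explicit check would fail more clearly. The method starts before this hunk.

```python
# … unchanged: conf dict construction …
now = int(datetime.datetime.now().strftime("%s"))
for rule in self.children:
    if "expire" in rule and rule["address"] == "0.0.0.0" and \
            rule["netmask"] == 0 and rule["proto"] == "any":
        if not tempFullAccess:
            # option unchecked, or the rule was already refreshed: drop it
            continue
        rule["expire"] = now + tempFullAccessTime*60
        tempFullAccess = False
    conf["rules"].append(rule)
# … unchanged: append of a new expiring rule, write_firewall_conf …
```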
diff --git a/qubesmanager/settings.py b/qubesmanager/settings.py
index fe13944..beb4f9e 100755
--- a/qubesmanager/settings.py
+++ b/qubesmanager/settings.py
@@ -102,6 +102,8 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
self.newRuleButton.clicked.connect(self.new_rule_button_pressed)
self.editRuleButton.clicked.connect(self.edit_rule_button_pressed)
self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
+ self.policyDenyRadioButton.clicked.connect(self.policy_changed)
+ self.policyAllowRadioButton.clicked.connect(self.policy_changed)
####### devices tab
self.__init_devices_tab__()
@@ -179,7 +181,9 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
self.fw_model.apply_rules(self.policyAllowRadioButton.isChecked(),
self.dnsCheckBox.isChecked(),
self.icmpCheckBox.isChecked(),
- self.yumproxyCheckBox.isChecked())
+ self.yumproxyCheckBox.isChecked(),
+ self.tempFullAccess.isChecked(),
+ self.tempFullAccessTime.value())
except Exception as ex:
ret += ["Firewall tab:", str(ex)]
@@ -782,10 +786,19 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
self.dnsCheckBox.setChecked(model.allowDns)
self.icmpCheckBox.setChecked(model.allowIcmp)
self.yumproxyCheckBox.setChecked(model.allowYumProxy)
+ if model.tempFullAccessExpireTime:
+ self.tempFullAccess.setChecked(True)
+ self.tempFullAccessTime.setValue(
+ (model.tempFullAccessExpireTime -
+ int(datetime.datetime.now().strftime("%s")))/60)
def set_allow(self, allow):
self.policyAllowRadioButton.setChecked(allow)
self.policyDenyRadioButton.setChecked(not allow)
+ self.policy_changed(allow)
+
+ def policy_changed(self, checked):
+ self.tempFullAccessWidget.setEnabled(self.policyDenyRadioButton.isChecked())
def new_rule_button_pressed(self):
dialog = NewFwRuleDlg()
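Review bot: The remaining-minutes value passed to `self.tempFullAccessTime.setValue(...)` is not guarded against an expiry that has already passed, so a lapsed rule gives a zero or negative number while `setChecked(True)` still shows the option as active. A later Apply with the box checked would then presumably refresh the rule and grant full access again. I would gate the block on the expiry being in the future, e.g. `if model.tempFullAccessExpireTime > int(time.time()):` with `import time`. `strftime("%s")` is a platform C-library extension rather than a documented Python format code, so `int(time.time())` is the more dependable way to get epoch seconds here and in firewall.py. This diff adds `import datetime` only to firewall.py and the import block of settings.py is not shown, so confirm the name is in scope there; the enclosing method starts outside the hunk.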
diff --git a/settingsdlg.ui b/settingsdlg.ui
index 953aa19..93ea09f 100644
--- a/settingsdlg.ui
+++ b/settingsdlg.ui
@@ -29,7 +29,7 @@
- 0
+ 2
@@ -922,6 +922,41 @@
+ -
+
+
+ true
+
+
+
+ 0
+
+
+ 0
+
+
+ 0
+
+
-
+
+
+ Allow full access for
+
+
+
+ -
+
+
+ min
+
+
+ 5
+
+
+
+
+
+