Firewall rules window moved to settings tab.

qubesmanager/firewall.py

@@ -31,106 +31,8 @@ from qubes.qubes import QubesVmCollection
 from qubes.qubes import QubesException
 from qubes.qubes import dry_run
 
-import ui_editfwrulesdlg
 import ui_newfwruledlg
 
-class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
-    def __init__(self, parent = None):
-        super (EditFwRulesDlg, self).__init__(parent)
-        self.setupUi(self)
-        self.newRuleButton.clicked.connect(self.new_rule_button_pressed)
-        self.editRuleButton.clicked.connect(self.edit_rule_button_pressed)
-        self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
-        self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
-        self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
-        self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)
-
-    def set_model(self, model):
-        self.__model = model
-        self.rulesTreeView.setModel(model)
-        self.rulesTreeView.header().setResizeMode(QHeaderView.ResizeToContents)
-        self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
-        self.set_allow(model.allow)
-        self.dnsCheckBox.setChecked(model.allowDns)
-        self.icmpCheckBox.setChecked(model.allowIcmp)
-        self.setWindowTitle(model.get_vm_name() + " firewall")
-
-    def set_allow(self, allow):
-        self.policyAllowRadioButton.setChecked(allow)
-        self.policyDenyRadioButton.setChecked(not allow)
-
-    def policy_radio_toggled(self, on):
-        self.__model.allow = self.policyAllowRadioButton.isChecked()
-
-    def dns_checkbox_toggled(self, on):
-        self.__model.allowDns = on
-
-    def icmp_checkbox_toggled(self, on):
-        self.__model.allowIcmp = on
-
-    def new_rule_button_pressed(self):
-        dialog = NewFwRuleDlg()
-        self.run_rule_dialog(dialog)
-
-    def edit_rule_button_pressed(self):
-        dialog = NewFwRuleDlg()
-        dialog.set_ok_enabled(True)
-        selected = self.rulesTreeView.selectedIndexes()
-        if len(selected) > 0:
-            row = self.rulesTreeView.selectedIndexes().pop().row()
-            address = self.__model.get_column_string(0, row).replace(' ', '')
-            dialog.addressComboBox.setItemText(0, address)
-            dialog.addressComboBox.setCurrentIndex(0)
-            service = self.__model.get_column_string(1, row)
-            dialog.serviceComboBox.setItemText(0, service)
-            dialog.serviceComboBox.setCurrentIndex(0)
-            self.run_rule_dialog(dialog, row)
-
-    def run_rule_dialog(self, dialog, row = None):
-        if dialog.exec_():
-            address = str(dialog.addressComboBox.currentText())
-            service = str(dialog.serviceComboBox.currentText())
-            port = None
-            port2 = None
-
-            unmask = address.split("/", 1)
-            if len(unmask) == 2:
-                address = unmask[0]
-                netmask = int(unmask[1])
-            else:
-                netmask = 32
-
-            if address == "*":
-                address = "0.0.0.0"
-                netmask = 0
-
-            if service == "*":
-                service = "0"
-            try:
-                range = service.split("-", 1)
-                if len(range) == 2:
-                    port = int(range[0])
-                    port2 = int(range[1])
-                else:
-                    port = int(service)
-            except (TypeError, ValueError) as ex:
-                port = self.__model.get_service_port(service)
-
-            if port is not None:
-                if port2 is not None and port2 <= port:
-                    QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
-                else:
-                    item = QubesFirewallRuleItem(address, netmask, port, port2)
-                    if row is not None:
-                        self.__model.setChild(row, item)
-                    else:
-                        self.__model.appendChild(item)
-            else:
-                QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
-
-    def delete_rule_button_pressed(self):
-        for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
-            self.__model.removeChild(i)
 
 class QIPAddressValidator(QValidator):
     def __init__(self, parent = None):
@@ -397,3 +299,4 @@ class QubesFirewallRulesModel(QAbstractItemModel):
 
     def __len__(self):
         return len(self.children)
+

qubesmanager/main.py

@@ -43,8 +43,6 @@ from restore import RestoreVMsWindow
 from backup import BackupVMsWindow
 from global_settings import GlobalSettingsWindow
 
-from firewall import EditFwRulesDlg, QubesFirewallRulesModel
-
 from pyinotify import WatchManager, Notifier, ThreadedNotifier, EventsCodes, ProcessEvent
 
 import subprocess
@@ -1198,17 +1196,8 @@ class VmManagerWindow(Ui_VmManagerWindow, QMainWindow):
     @pyqtSlot(name='on_action_editfwrules_triggered')
     def action_editfwrules_triggered(self):
         vm = self.get_selected_vm()
-        dialog = EditFwRulesDlg()
-        model = QubesFirewallRulesModel()
-        model.set_vm(vm)
-        dialog.set_model(model)
-
-        if vm.netvm_vm is not None and not vm.netvm_vm.is_proxyvm():
-            QMessageBox.warning (None, "VM configuration problem!", "The '{0}' AppVM is not network connected to a FirewallVM!<p>".format(vm.name) +\
-                    "You may edit the '{0}' VM firewall rules, but these will not take any effect until you connect it to a working Firewall VM.".format(vm.name))
-
-        if dialog.exec_():
-            model.apply_rules()
+        settings_window = VMSettingsWindow(vm, app, "firewall")
+        settings_window.exec_()
 
     @pyqtSlot(name='on_action_global_settings_triggered')
     def action_global_settings_triggered(self):

qubesmanager/settings.py

@@ -46,6 +46,7 @@ from operator import itemgetter
 from ui_settingsdlg import *
 from multiselectwidget import *
 from appmenu_select import *
+from firewall import *
 
 
 class VMSettingsWindow(Ui_SettingsDialog, QDialog):
@@ -59,6 +60,13 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
     def __init__(self, vm, app, init_page="basic", parent=None):
         super(VMSettingsWindow, self).__init__(parent)
 
+        self.app = app
+        self.vm = vm
+        if self.vm.template_vm:
+            self.source_vm = self.vm.template_vm
+        else:
+            self.source_vm = self.vm
+ 
         self.setupUi(self)
         if init_page in self.tabs_indices:
             idx = self.tabs_indices[init_page]
@@ -68,19 +76,29 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
         self.connect(self.buttonBox, SIGNAL("accepted()"), self.save_and_apply)
         self.connect(self.buttonBox, SIGNAL("rejected()"), self.reject)
 
-        self.app_list = MultiSelectWidget(self)
-        self.dev_list = MultiSelectWidget(self)
+        self.tabWidget.currentChanged.connect(self.current_tab_changed)
+
+        ###### firewall tab
+
+        model = QubesFirewallRulesModel()
+        model.set_vm(vm)
+        self.set_fw_model(model)
+
         
-        self.apps_layout.addWidget(self.app_list)
+        self.newRuleButton.clicked.connect(self.new_rule_button_pressed)
+        self.editRuleButton.clicked.connect(self.edit_rule_button_pressed)
+        self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
+        self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
+        self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
+        self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)
+
+        ####### devices tab
+        self.dev_list = MultiSelectWidget(self)
         self.devices_layout.addWidget(self.dev_list)
-
-        self.app = app
-        self.vm = vm
-        if self.vm.template_vm:
-            self.source_vm = self.vm.template_vm
-        else:
-            self.source_vm = self.vm
-         
+ 
+        ####### apps tab
+        self.app_list = MultiSelectWidget(self)
+        self.apps_layout.addWidget(self.app_list)
         self.AppListManager = AppmenuSelectManager(self.vm, self.app_list)
 
     def reject(self):
@@ -113,9 +131,106 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
         self.done(0)
 
     def __save_changes__(self, thread_monitor):
+        self.fw_model.apply_rules()
         self.AppListManager.save_appmenu_select_changes()
         thread_monitor.set_finished()
 
+    def current_tab_changed(self, idx):
+        if idx == self.tabs_indices["firewall"]:
+            if self.vm.netvm_vm is not None and not self.vm.netvm_vm.is_proxyvm():
+                QMessageBox.warning (None, "VM configuration problem!", "The '{0}' AppVM is not network connected to a FirewallVM!<p>".format(self.vm.name) +\
+                    "You may edit the '{0}' VM firewall rules, but these will not take any effect until you connect it to a working Firewall VM.".format(self.vm.name))
+
+
+
+    ######### firewall tab related
+
+    def set_fw_model(self, model):
+        self.fw_model = model
+        self.rulesTreeView.setModel(model)
+        self.rulesTreeView.header().setResizeMode(QHeaderView.ResizeToContents)
+        self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
+        self.set_allow(model.allow)
+        self.dnsCheckBox.setChecked(model.allowDns)
+        self.icmpCheckBox.setChecked(model.allowIcmp)
+
+    def set_allow(self, allow):
+        self.policyAllowRadioButton.setChecked(allow)
+        self.policyDenyRadioButton.setChecked(not allow)
+
+    def policy_radio_toggled(self, on):
+        self.fw_model.allow = self.policyAllowRadioButton.isChecked()
+
+    def dns_checkbox_toggled(self, on):
+        self.fw_model.allowDns = on
+
+    def icmp_checkbox_toggled(self, on):
+        self.fw_model.allowIcmp = on
+
+    def new_rule_button_pressed(self):
+        dialog = NewFwRuleDlg()
+        self.run_rule_dialog(dialog)
+
+    def edit_rule_button_pressed(self):
+        dialog = NewFwRuleDlg()
+        dialog.set_ok_enabled(True)
+        selected = self.rulesTreeView.selectedIndexes()
+        if len(selected) > 0:
+            row = self.rulesTreeView.selectedIndexes().pop().row()
+            address = self.fw_model.get_column_string(0, row).replace(' ', '')
+            dialog.addressComboBox.setItemText(0, address)
+            dialog.addressComboBox.setCurrentIndex(0)
+            service = self.fw_model.get_column_string(1, row)
+            dialog.serviceComboBox.setItemText(0, service)
+            dialog.serviceComboBox.setCurrentIndex(0)
+            self.run_rule_dialog(dialog, row)
+
+    def delete_rule_button_pressed(self):
+        for i in set([index.row() for index in self.rulesTreeView.selectedIndexes()]):
+            self.fw_model.removeChild(i)
+
+    def run_rule_dialog(self, dialog, row = None):
+        if dialog.exec_():
+            address = str(dialog.addressComboBox.currentText())
+            service = str(dialog.serviceComboBox.currentText())
+            port = None
+            port2 = None
+
+            unmask = address.split("/", 1)
+            if len(unmask) == 2:
+                address = unmask[0]
+                netmask = int(unmask[1])
+            else:
+                netmask = 32
+
+            if address == "*":
+                address = "0.0.0.0"
+                netmask = 0
+
+            if service == "*":
+                service = "0"
+            try:
+                range = service.split("-", 1)
+                if len(range) == 2:
+                    port = int(range[0])
+                    port2 = int(range[1])
+                else:
+                    port = int(service)
+            except (TypeError, ValueError) as ex:
+                port = self.fw_model.get_service_port(service)
+
+            if port is not None:
+                if port2 is not None and port2 <= port:
+                    QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
+                else:
+                    item = QubesFirewallRuleItem(address, netmask, port, port2)
+                    if row is not None:
+                        self.fw_model.setChild(row, item)
+                    else:
+                        self.fw_model.appendChild(item)
+            else:
+                QMessageBox.warning(None, "Invalid service name", "Service '{0} is unknown.".format(service))
+
 
 # Bases on the original code by:
 # Copyright (c) 2002-2007 Pascal Varet <p.varet@gmail.com>