Qubes/manager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Firewall tab accepts protocols (ticket #447).

Browse Source
This commit is contained in:
Agnieszka Kostrzewa 2012-03-04 17:36:25 +01:00
parent a78db0f51d
commit b32be23d39
3 changed files with 54 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
newfwruledlg.ui
View File

@ -38,13 +38,6 @@
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_3">
<property name="text">
<string>Port</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_4">
<property name="text">
@ -133,38 +126,6 @@
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="tcp_port_lineedit">
<property name="enabled">
<bool>false</bool>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="inputMethodHints">
<set>Qt::ImhDigitsOnly</set>
</property>
<property name="maxLength">
<number>5</number>
</property>
</widget>
</item>
<item row="3" column="2">
<widget class="QLineEdit" name="udp_port_lineedit">
<property name="enabled">
<bool>false</bool>
</property>
<property name="inputMethodHints">
<set>Qt::ImhDigitsOnly</set>
</property>
<property name="maxLength">
<number>5</number>
</property>
</widget>
</item>
</layout>
</item>
<item row="1" column="0">

41
qubesmanager/firewall.py
View File

@ -81,12 +81,13 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
self.set_ok_enabled(False)
self.addressComboBox.setValidator(QIPAddressValidator())
self.addressComboBox.editTextChanged.connect(self.address_editing_finished)
self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("\*|[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None))
self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None))
self.serviceComboBox.setEnabled(False)
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtBottom)
self.populate_combos()
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtTop)
def populate_combos(self):
example_addresses = [
"", "www.example.com",
@ -100,7 +101,7 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
'ssh', 'telnet', 'telnets', 'ntp', 'snmp',
'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client',
'syslog', 'printer', 'nfs', 'x11',
'*', '1024-1234'
'1024-1234'
]
for address in example_addresses:
self.addressComboBox.addItem(address)
@ -116,26 +117,25 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
ok_button.setEnabled(on)
def on_tcp_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(checked)
self.udp_port_lineedit.setEnabled(not checked)
if checked:
self.serviceComboBox.setEnabled(True)
def on_udp_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(not checked)
self.udp_port_lineedit.setEnabled(checked)
if checked:
self.serviceComboBox.setEnabled(True)
def on_any_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(not checked)
self.udp_port_lineedit.setEnabled(not checked)
if checked:
self.serviceComboBox.setEnabled(False)
class QubesFirewallRuleItem(object):
def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None):
def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None, protocol = "any"):
self.__address = address
self.__netmask = netmask
self.__portBegin = portBegin
self.__portEnd = portEnd
self.__protocol = protocol
@property
def address(self):
@ -153,6 +153,10 @@ class QubesFirewallRuleItem(object):
def portEnd(self):
return self.__portEnd
@property
def protocol(self):
return self.__protocol
def hasChildren(self):
return False
@ -166,13 +170,15 @@ class QubesFirewallRulesModel(QAbstractItemModel):
0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \
else self.children[x].address + ("" if self.children[x].netmask == 32 \
else " /{0}".format(self.children[x].netmask)),
1: lambda x: "*" if self.children[x].portBegin == 0 \
1: lambda x: "any" if self.children[x].portBegin == 0 \
else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \
else self.get_service_name(self.children[x].portBegin),
2: lambda x: self.children[x].protocol,
}
self.__columnNames = {
0: "Address",
1: "Service",
2: "Protocol",
}
self.__services = list()
@ -182,7 +188,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
match = pattern.match(line)
if match is not None:
service = match.groupdict()
self.__services.append( (service["name"], int(service["port"]), service["protocol"]) )
self.__services.append( (service["name"], int(service["port"]),) )
f.close()
def sort(self, idx, order):
@ -193,6 +199,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.children.sort(key=attrgetter('address'), reverse = rev)
if idx==1:
self.children.sort(key=lambda x: self.get_service_name(attrgetter('portBegin')) if attrgetter('portEnd') == None else attrgetter('portBegin'), reverse = rev)
if idx==2:
self.children.sort(key=attrgetter('protocol'), reverse = rev)
def get_service_name(self, port):
@ -223,7 +231,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
for rule in conf["rules"]:
self.appendChild(QubesFirewallRuleItem(
rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"]
rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"], rule["proto"]
))
def get_vm_name(self):
@ -244,7 +252,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
"address": rule.address,
"netmask": rule.netmask,
"portBegin": rule.portBegin,
"portEnd": rule.portEnd
"portEnd": rule.portEnd,
"proto": rule.protocol,
}
)

41
qubesmanager/settings.py
View File

@ -288,8 +288,18 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
dialog.addressComboBox.setItemText(0, address)
dialog.addressComboBox.setCurrentIndex(0)
service = self.fw_model.get_column_string(1, row)
if service == "any":
service = ""
dialog.serviceComboBox.setItemText(0, service)
dialog.serviceComboBox.setCurrentIndex(0)
protocol = self.fw_model.get_column_string(2, row)
if protocol == "tcp":
dialog.tcp_radio.setChecked(True)
elif protocol == "udp":
dialog.udp_radio.setChecked(True)
else:
dialog.any_radio.setChecked(True)
self.run_rule_dialog(dialog, row)
def delete_rule_button_pressed(self):
@ -314,23 +324,30 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
address = "0.0.0.0"
netmask = 0
if service == "*":
service = "0"
try:
range = service.split("-", 1)
if len(range) == 2:
port = int(range[0])
port2 = int(range[1])
else:
port = int(service)
except (TypeError, ValueError) as ex:
port = self.fw_model.get_service_port(service)
if dialog.any_radio.isChecked():
protocol = "any"
port = 0
else:
if dialog.tcp_radio.isChecked():
protocol = "tcp"
elif dialog.udp_radio.isChecked():
protocol = "udp"
try:
range = service.split("-", 1)
if len(range) == 2:
port = int(range[0])
port2 = int(range[1])
else:
port = int(service)
except (TypeError, ValueError) as ex:
port = self.fw_model.get_service_port(service)
if port is not None:
if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else:
item = QubesFirewallRuleItem(address, netmask, port, port2)
item = QubesFirewallRuleItem(address, netmask, port, port2, protocol)
if row is not None:
self.fw_model.setChild(row, item)
else: