diff --git a/newfwruledlg.ui b/newfwruledlg.ui
index 4190d2b..11da4ed 100644
--- a/newfwruledlg.ui
+++ b/newfwruledlg.ui
@@ -38,13 +38,6 @@
- -
-
-
- Port
-
-
-
-
@@ -133,38 +126,6 @@
- -
-
-
- false
-
-
-
- 0
- 0
-
-
-
- Qt::ImhDigitsOnly
-
-
- 5
-
-
-
- -
-
-
- false
-
-
- Qt::ImhDigitsOnly
-
-
- 5
-
-
-
-
diff --git a/qubesmanager/firewall.py b/qubesmanager/firewall.py
index 1b6db23..a2d0f46 100644
--- a/qubesmanager/firewall.py
+++ b/qubesmanager/firewall.py
@@ -81,12 +81,13 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
self.set_ok_enabled(False)
self.addressComboBox.setValidator(QIPAddressValidator())
self.addressComboBox.editTextChanged.connect(self.address_editing_finished)
- self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("\*|[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None))
-
+ self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None))
+ self.serviceComboBox.setEnabled(False)
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtBottom)
self.populate_combos()
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtTop)
+
def populate_combos(self):
example_addresses = [
"", "www.example.com",
@@ -100,7 +101,7 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
'ssh', 'telnet', 'telnets', 'ntp', 'snmp',
'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client',
'syslog', 'printer', 'nfs', 'x11',
- '*', '1024-1234'
+ '1024-1234'
]
for address in example_addresses:
self.addressComboBox.addItem(address)
@@ -116,26 +117,25 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
ok_button.setEnabled(on)
def on_tcp_radio_toggled(self, checked):
- self.tcp_port_lineedit.setEnabled(checked)
- self.udp_port_lineedit.setEnabled(not checked)
+ if checked:
+ self.serviceComboBox.setEnabled(True)
def on_udp_radio_toggled(self, checked):
- self.tcp_port_lineedit.setEnabled(not checked)
- self.udp_port_lineedit.setEnabled(checked)
+ if checked:
+ self.serviceComboBox.setEnabled(True)
def on_any_radio_toggled(self, checked):
- self.tcp_port_lineedit.setEnabled(not checked)
- self.udp_port_lineedit.setEnabled(not checked)
-
-
+ if checked:
+ self.serviceComboBox.setEnabled(False)
class QubesFirewallRuleItem(object):
- def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None):
+ def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None, protocol = "any"):
self.__address = address
self.__netmask = netmask
self.__portBegin = portBegin
self.__portEnd = portEnd
+ self.__protocol = protocol
@property
def address(self):
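Review bot: The three `on_*_radio_toggled` handlers act only when `checked` is true, so the service box's state depends on `toggled` firing for whichever radio starts out checked. `toggled` is emitted on a state change only, so a radio that is already checked in the .ui file never runs its handler and the box keeps the `setEnabled(False)` from `__init__`. Deriving the state from the radio itself, `self.serviceComboBox.setEnabled(not self.any_radio.isChecked())`, in one shared slot and once after `populate_combos()`, removes that dependence. The .ui defaults are not visible here, so whether this misfires today is unconfirmed; the enclosing classes start and end outside the hunk.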
@@ -153,6 +153,10 @@ class QubesFirewallRuleItem(object):
def portEnd(self):
return self.__portEnd
+ @property
+ def protocol(self):
+ return self.__protocol
+
def hasChildren(self):
return False
@@ -166,13 +170,15 @@ class QubesFirewallRulesModel(QAbstractItemModel):
0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \
else self.children[x].address + ("" if self.children[x].netmask == 32 \
else " /{0}".format(self.children[x].netmask)),
- 1: lambda x: "*" if self.children[x].portBegin == 0 \
+ 1: lambda x: "any" if self.children[x].portBegin == 0 \
else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \
else self.get_service_name(self.children[x].portBegin),
+ 2: lambda x: self.children[x].protocol,
}
self.__columnNames = {
0: "Address",
1: "Service",
+ 2: "Protocol",
}
self.__services = list()
@@ -182,7 +188,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
match = pattern.match(line)
if match is not None:
service = match.groupdict()
- self.__services.append( (service["name"], int(service["port"]), service["protocol"]) )
+ self.__services.append( (service["name"], int(service["port"]),) )
f.close()
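Review bot: Dropping `service["protocol"]` from the tuple means `self.__services` can no longer tell a tcp entry from a udp one, in the same commit that makes rules protocol-specific. The lookup helpers are outside the hunk, so this is inferred, but a name the services file lists for only one protocol would presumably now resolve for a rule using the other, and names listed for both are stored twice. Either keep the protocol in the tuple and filter on it in the lookups, or de-duplicate and say so in a comment such as `# protocol ignored on purpose: a name maps to the same port for tcp and udp`.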
def sort(self, idx, order):
@@ -193,6 +199,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.children.sort(key=attrgetter('address'), reverse = rev)
if idx==1:
self.children.sort(key=lambda x: self.get_service_name(attrgetter('portBegin')) if attrgetter('portEnd') == None else attrgetter('portBegin'), reverse = rev)
+ if idx==2:
+ self.children.sort(key=attrgetter('protocol'), reverse = rev)
def get_service_name(self, port):
@@ -223,7 +231,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
for rule in conf["rules"]:
self.appendChild(QubesFirewallRuleItem(
- rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"]
+ rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"], rule["proto"]
))
def get_vm_name(self):
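Review bot: `rule["proto"]` assumes every dictionary in `conf["rules"]` carries that key and that its value is one the GUI understands. Where `conf` is built is outside the hunk, but if it can contain rules saved before this change the load raises KeyError and no rules are listed. Because the value is written back into the firewall configuration on save, I would read it defensively and restrict it to the known set, e.g. `proto = rule.get("proto", "any")` followed by `if proto not in ("tcp", "udp", "any"):` skipping or reporting the rule. Whether "any" is the right reading of an old rule depends on how the backend applied it, which is not visible here.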
@@ -244,7 +252,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
"address": rule.address,
"netmask": rule.netmask,
"portBegin": rule.portBegin,
- "portEnd": rule.portEnd
+ "portEnd": rule.portEnd,
+ "proto": rule.protocol,
}
)
diff --git a/qubesmanager/settings.py b/qubesmanager/settings.py
index 9081508..77edc86 100644
--- a/qubesmanager/settings.py
+++ b/qubesmanager/settings.py
@@ -288,8 +288,18 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
dialog.addressComboBox.setItemText(0, address)
dialog.addressComboBox.setCurrentIndex(0)
service = self.fw_model.get_column_string(1, row)
+ if service == "any":
+ service = ""
dialog.serviceComboBox.setItemText(0, service)
dialog.serviceComboBox.setCurrentIndex(0)
+ protocol = self.fw_model.get_column_string(2, row)
+ if protocol == "tcp":
+ dialog.tcp_radio.setChecked(True)
+ elif protocol == "udp":
+ dialog.udp_radio.setChecked(True)
+ else:
+ dialog.any_radio.setChecked(True)
+
self.run_rule_dialog(dialog, row)
def delete_rule_button_pressed(self):
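Review bot: `if service == "any":` and the `protocol == "tcp"` / `"udp"` tests decide the dialog state from display strings returned by `get_column_string`, so the edit path is coupled to the column formatting in firewall.py. If that formatter's wording changes again (this commit already changed "*" to "any"), an any-port rule would be loaded into the service box as literal text. Reading the rule object instead, e.g. `rule = self.fw_model.children[row]` then `rule.portBegin == 0` and `rule.protocol`, keeps the logic on the stored values; `children` is how the model's own lambdas reach the items, though its accessibility from here is assumed. The enclosing method starts before the hunk.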
@@ -314,23 +324,30 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
address = "0.0.0.0"
netmask = 0
- if service == "*":
- service = "0"
- try:
- range = service.split("-", 1)
- if len(range) == 2:
- port = int(range[0])
- port2 = int(range[1])
- else:
- port = int(service)
- except (TypeError, ValueError) as ex:
- port = self.fw_model.get_service_port(service)
+ if dialog.any_radio.isChecked():
+ protocol = "any"
+ port = 0
+ else:
+ if dialog.tcp_radio.isChecked():
+ protocol = "tcp"
+ elif dialog.udp_radio.isChecked():
+ protocol = "udp"
+
+ try:
+ range = service.split("-", 1)
+ if len(range) == 2:
+ port = int(range[0])
+ port2 = int(range[1])
+ else:
+ port = int(service)
+ except (TypeError, ValueError) as ex:
+ port = self.fw_model.get_service_port(service)
if port is not None:
if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else:
- item = QubesFirewallRuleItem(address, netmask, port, port2)
+ item = QubesFirewallRuleItem(address, netmask, port, port2, protocol)
if row is not None:
self.fw_model.setChild(row, item)
else:
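Review bot: Nothing in the tcp/udp branch bounds the parsed ports: `int(range[0])`, `int(range[1])` and `int(service)` accept any digit string, and the validator pattern `[0-9]+(-[0-9]+)?` set in firewall.py does not limit them either, so a value such as 70000 reaches `QubesFirewallRuleItem` unchecked. A guard before the item is built, for example `if port > 65535 or (port2 is not None and port2 > 65535):` followed by a `QMessageBox.warning`, would reject it here instead of leaving it to whatever consumes the saved rule. Separately, `protocol` is assigned only when one of the three radios is checked; if none is, the constructor call raises NameError, and an explicit `else` that warns and returns is safer than silently defaulting to "any". The local name `range` also shadows the builtin. The method's start and the code after the final `else:` are outside the hunk.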