Qubes/manager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Firewall tab accepts protocols (ticket #447).

Browse Source
This commit is contained in:
Agnieszka Kostrzewa 2012-03-04 17:36:25 +01:00
parent a78db0f51d
commit b32be23d39
3 changed files with 54 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
newfwruledlg.ui
View File

@ -38,13 +38,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="3" column="0">
<widget class="QLabel" name="label_3">
<property name="text">
<string>Port</string>
</property>
</widget>
</item>
<item row="1" column="0"> <item row="1" column="0">
<widget class="QLabel" name="label_4"> <widget class="QLabel" name="label_4">
<property name="text"> <property name="text">
@ -133,38 +126,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="3" column="1">
<widget class="QLineEdit" name="tcp_port_lineedit">
<property name="enabled">
<bool>false</bool>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="inputMethodHints">
<set>Qt::ImhDigitsOnly</set>
</property>
<property name="maxLength">
<number>5</number>
</property>
</widget>
</item>
<item row="3" column="2">
<widget class="QLineEdit" name="udp_port_lineedit">
<property name="enabled">
<bool>false</bool>
</property>
<property name="inputMethodHints">
<set>Qt::ImhDigitsOnly</set>
</property>
<property name="maxLength">
<number>5</number>
</property>
</widget>
</item>
</layout> </layout>
</item> </item>
<item row="1" column="0"> <item row="1" column="0">

41
qubesmanager/firewall.py
View File

@ -81,12 +81,13 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
self.set_ok_enabled(False) self.set_ok_enabled(False)
self.addressComboBox.setValidator(QIPAddressValidator()) self.addressComboBox.setValidator(QIPAddressValidator())
self.addressComboBox.editTextChanged.connect(self.address_editing_finished) self.addressComboBox.editTextChanged.connect(self.address_editing_finished)
self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("\*|[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None)) self.serviceComboBox.setValidator(QRegExpValidator(QRegExp("[a-z][a-z0-9-]+|[0-9]+(-[0-9]+)?", Qt.CaseInsensitive), None))
self.serviceComboBox.setEnabled(False)
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtBottom) self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtBottom)
self.populate_combos() self.populate_combos()
self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtTop) self.serviceComboBox.setInsertPolicy(QComboBox.InsertAtTop)
def populate_combos(self): def populate_combos(self):
example_addresses = [ example_addresses = [
"", "www.example.com", "", "www.example.com",
@ -100,7 +101,7 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
'ssh', 'telnet', 'telnets', 'ntp', 'snmp', 'ssh', 'telnet', 'telnets', 'ntp', 'snmp',
'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client', 'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client',
'syslog', 'printer', 'nfs', 'x11', 'syslog', 'printer', 'nfs', 'x11',
'*', '1024-1234' '1024-1234'
] ]
for address in example_addresses: for address in example_addresses:
self.addressComboBox.addItem(address) self.addressComboBox.addItem(address)
@ -116,26 +117,25 @@ class NewFwRuleDlg (QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg):
ok_button.setEnabled(on) ok_button.setEnabled(on)
def on_tcp_radio_toggled(self, checked): def on_tcp_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(checked) if checked:
self.udp_port_lineedit.setEnabled(not checked) self.serviceComboBox.setEnabled(True)
def on_udp_radio_toggled(self, checked): def on_udp_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(not checked) if checked:
self.udp_port_lineedit.setEnabled(checked) self.serviceComboBox.setEnabled(True)
def on_any_radio_toggled(self, checked): def on_any_radio_toggled(self, checked):
self.tcp_port_lineedit.setEnabled(not checked) if checked:
self.udp_port_lineedit.setEnabled(not checked) self.serviceComboBox.setEnabled(False)
class QubesFirewallRuleItem(object): class QubesFirewallRuleItem(object):
def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None): def __init__(self, address = str(), netmask = 32, portBegin = 0, portEnd = None, protocol = "any"):
self.__address = address self.__address = address
self.__netmask = netmask self.__netmask = netmask
self.__portBegin = portBegin self.__portBegin = portBegin
self.__portEnd = portEnd self.__portEnd = portEnd
self.__protocol = protocol
@property @property
def address(self): def address(self):
@ -153,6 +153,10 @@ class QubesFirewallRuleItem(object):
def portEnd(self): def portEnd(self):
return self.__portEnd return self.__portEnd
@property
def protocol(self):
return self.__protocol
def hasChildren(self): def hasChildren(self):
return False return False
@ -166,13 +170,15 @@ class QubesFirewallRulesModel(QAbstractItemModel):
0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \ 0: lambda x: "*" if self.children[x].address == "0.0.0.0" and self.children[x].netmask == 0 \
else self.children[x].address + ("" if self.children[x].netmask == 32 \ else self.children[x].address + ("" if self.children[x].netmask == 32 \
else " /{0}".format(self.children[x].netmask)), else " /{0}".format(self.children[x].netmask)),
1: lambda x: "*" if self.children[x].portBegin == 0 \ 1: lambda x: "any" if self.children[x].portBegin == 0 \
else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \ else "{0}-{1}".format(self.children[x].portBegin, self.children[x].portEnd) if self.children[x].portEnd is not None \
else self.get_service_name(self.children[x].portBegin), else self.get_service_name(self.children[x].portBegin),
2: lambda x: self.children[x].protocol,
} }
self.__columnNames = { self.__columnNames = {
0: "Address", 0: "Address",
1: "Service", 1: "Service",
2: "Protocol",
} }
self.__services = list() self.__services = list()
@ -182,7 +188,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
match = pattern.match(line) match = pattern.match(line)
if match is not None: if match is not None:
service = match.groupdict() service = match.groupdict()
self.__services.append( (service["name"], int(service["port"]), service["protocol"]) ) self.__services.append( (service["name"], int(service["port"]),) )
f.close() f.close()
def sort(self, idx, order): def sort(self, idx, order):
@ -193,6 +199,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
self.children.sort(key=attrgetter('address'), reverse = rev) self.children.sort(key=attrgetter('address'), reverse = rev)
if idx==1: if idx==1:
self.children.sort(key=lambda x: self.get_service_name(attrgetter('portBegin')) if attrgetter('portEnd') == None else attrgetter('portBegin'), reverse = rev) self.children.sort(key=lambda x: self.get_service_name(attrgetter('portBegin')) if attrgetter('portEnd') == None else attrgetter('portBegin'), reverse = rev)
if idx==2:
self.children.sort(key=attrgetter('protocol'), reverse = rev)
def get_service_name(self, port): def get_service_name(self, port):
@ -223,7 +231,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
for rule in conf["rules"]: for rule in conf["rules"]:
self.appendChild(QubesFirewallRuleItem( self.appendChild(QubesFirewallRuleItem(
rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"] rule["address"], rule["netmask"], rule["portBegin"], rule["portEnd"], rule["proto"]
)) ))
def get_vm_name(self): def get_vm_name(self):
@ -244,7 +252,8 @@ class QubesFirewallRulesModel(QAbstractItemModel):
"address": rule.address, "address": rule.address,
"netmask": rule.netmask, "netmask": rule.netmask,
"portBegin": rule.portBegin, "portBegin": rule.portBegin,
"portEnd": rule.portEnd "portEnd": rule.portEnd,
"proto": rule.protocol,
} }
) )

23
qubesmanager/settings.py
View File

@ -288,8 +288,18 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
dialog.addressComboBox.setItemText(0, address) dialog.addressComboBox.setItemText(0, address)
dialog.addressComboBox.setCurrentIndex(0) dialog.addressComboBox.setCurrentIndex(0)
service = self.fw_model.get_column_string(1, row) service = self.fw_model.get_column_string(1, row)
if service == "any":
service = ""
dialog.serviceComboBox.setItemText(0, service) dialog.serviceComboBox.setItemText(0, service)
dialog.serviceComboBox.setCurrentIndex(0) dialog.serviceComboBox.setCurrentIndex(0)
protocol = self.fw_model.get_column_string(2, row)
if protocol == "tcp":
dialog.tcp_radio.setChecked(True)
elif protocol == "udp":
dialog.udp_radio.setChecked(True)
else:
dialog.any_radio.setChecked(True)
self.run_rule_dialog(dialog, row) self.run_rule_dialog(dialog, row)
def delete_rule_button_pressed(self): def delete_rule_button_pressed(self):
@ -314,8 +324,15 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
address = "0.0.0.0" address = "0.0.0.0"
netmask = 0 netmask = 0
if service == "*": if dialog.any_radio.isChecked():
service = "0" protocol = "any"
port = 0
else:
if dialog.tcp_radio.isChecked():
protocol = "tcp"
elif dialog.udp_radio.isChecked():
protocol = "udp"
try: try:
range = service.split("-", 1) range = service.split("-", 1)
if len(range) == 2: if len(range) == 2:
@ -330,7 +347,7 @@ class VMSettingsWindow(Ui_SettingsDialog, QDialog):
if port2 is not None and port2 <= port: if port2 is not None and port2 <= port:
QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port)) QMessageBox.warning(None, "Invalid service ports range", "Port {0} is lower than port {1}.".format(port2, port))
else: else:
item = QubesFirewallRuleItem(address, netmask, port, port2) item = QubesFirewallRuleItem(address, netmask, port, port2, protocol)
if row is not None: if row is not None:
self.fw_model.setChild(row, item) self.fw_model.setChild(row, item)
else: else: