Implemented implicit rule to allow ICMP traffic in firewall

2011-03-21 22:08:39 +01:00 · 2011-03-21 22:08:39 +01:00 · c8781da11e
commit c8781da11e
parent de8c46dff2
2 changed files with 35 additions and 10 deletions
--- a/editfwrulesdlg.ui
+++ b/editfwrulesdlg.ui
@ -67,14 +67,28 @@
        </widget>
       </item>
       <item>
-        <widget class="QCheckBox" name="dnsCheckBox">
-         <property name="text">
-          <string>Allow DNS queries</string>
-         </property>
-         <property name="checked">
-          <bool>true</bool>
-         </property>
-        </widget>
+        <layout class="QHBoxLayout" name="horizontalLayout_3">
+         <item>
+          <widget class="QCheckBox" name="dnsCheckBox">
+           <property name="text">
+            <string>Allow DNS queries</string>
+           </property>
+           <property name="checked">
+            <bool>true</bool>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <widget class="QCheckBox" name="icmpCheckBox">
+           <property name="text">
+            <string>Allow ICMP traffic</string>
+           </property>
+           <property name="checked">
+            <bool>true</bool>
+           </property>
+          </widget>
+         </item>
+        </layout>
       </item>
      </layout>
     </item>
@ -133,11 +147,12 @@
 <tabstops>
  <tabstop>policyAllowRadioButton</tabstop>
  <tabstop>policyDenyRadioButton</tabstop>
-  <tabstop>dnsCheckBox</tabstop>
  <tabstop>rulesTreeView</tabstop>
  <tabstop>newRuleButton</tabstop>
  <tabstop>editRuleButton</tabstop>
  <tabstop>deleteRuleButton</tabstop>
+  <tabstop>dnsCheckBox</tabstop>
+  <tabstop>icmpCheckBox</tabstop>
  <tabstop>buttonBox</tabstop>
 </tabstops>
 <resources/>
--- a/qubesmanager/firewall.py
+++ b/qubesmanager/firewall.py
@ -43,6 +43,7 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
        self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
        self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
        self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
+        self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)

    def set_model(self, model):
        self.__model = model
@ -51,6 +52,7 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
        self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
        self.set_allow(model.allow)
        self.dnsCheckBox.setChecked(model.allowDns)
+        self.icmpCheckBox.setChecked(model.allowIcmp)
        self.setWindowTitle(model.get_vm_name() + " firewall")

    def set_allow(self, allow):
@ -63,6 +65,9 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
    def dns_checkbox_toggled(self, on):
        self.__model.allowDns = on

+    def icmp_checkbox_toggled(self, on):
+        self.__model.allowIcmp = on
+
    def new_rule_button_pressed(self):
        dialog = NewFwRuleDlg()
        self.run_rule_dialog(dialog)
@ -228,6 +233,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):

        self.allow = conf["allow"]
        self.allowDns = conf["allowDns"]
+        self.allowIcmp = conf["allowIcmp"]

        for rule in conf["rules"]:
            self.appendChild(QubesFirewallRuleItem(
@ -240,7 +246,11 @@ class QubesFirewallRulesModel(QAbstractItemModel):
    def apply_rules(self):
        assert self.__vm is not None

-        conf = { "allow": self.allow, "allowDns": self.allowDns, "rules": list() }
+        conf = { "allow": self.allow,
+                "allowDns": self.allowDns,
+                "allowIcmp": self.allowIcmp,
+                "rules": list()
+            }

        for rule in self.children:
            conf["rules"].append(