From c8781da11ee7bf6898612d44cbed9e3e31d03403 Mon Sep 17 00:00:00 2001
From: Tomasz Sterna <tomek@xiaoka.com>
Date: Mon, 21 Mar 2011 22:08:39 +0100
Subject: [PATCH] Implemented implicit rule to allow ICMP traffic in firewall

---
 editfwrulesdlg.ui        | 33 ++++++++++++++++++++++++---------
 qubesmanager/firewall.py | 12 +++++++++++-
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/editfwrulesdlg.ui b/editfwrulesdlg.ui
index 4df4368..acb25d2 100644
--- a/editfwrulesdlg.ui
+++ b/editfwrulesdlg.ui
@@ -67,14 +67,28 @@
         </widget>
        </item>
        <item>
-        <widget class="QCheckBox" name="dnsCheckBox">
-         <property name="text">
-          <string>Allow DNS queries</string>
-         </property>
-         <property name="checked">
-          <bool>true</bool>
-         </property>
-        </widget>
+        <layout class="QHBoxLayout" name="horizontalLayout_3">
+         <item>
+          <widget class="QCheckBox" name="dnsCheckBox">
+           <property name="text">
+            <string>Allow DNS queries</string>
+           </property>
+           <property name="checked">
+            <bool>true</bool>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <widget class="QCheckBox" name="icmpCheckBox">
+           <property name="text">
+            <string>Allow ICMP traffic</string>
+           </property>
+           <property name="checked">
+            <bool>true</bool>
+           </property>
+          </widget>
+         </item>
+        </layout>
        </item>
       </layout>
      </item>
@@ -133,11 +147,12 @@
  <tabstops>
   <tabstop>policyAllowRadioButton</tabstop>
   <tabstop>policyDenyRadioButton</tabstop>
-  <tabstop>dnsCheckBox</tabstop>
   <tabstop>rulesTreeView</tabstop>
   <tabstop>newRuleButton</tabstop>
   <tabstop>editRuleButton</tabstop>
   <tabstop>deleteRuleButton</tabstop>
+  <tabstop>dnsCheckBox</tabstop>
+  <tabstop>icmpCheckBox</tabstop>
   <tabstop>buttonBox</tabstop>
  </tabstops>
  <resources/>
diff --git a/qubesmanager/firewall.py b/qubesmanager/firewall.py
index 59af881..1b51ae3 100644
--- a/qubesmanager/firewall.py
+++ b/qubesmanager/firewall.py
@@ -43,6 +43,7 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
         self.deleteRuleButton.clicked.connect(self.delete_rule_button_pressed)
         self.policyAllowRadioButton.toggled.connect(self.policy_radio_toggled)
         self.dnsCheckBox.toggled.connect(self.dns_checkbox_toggled)
+        self.icmpCheckBox.toggled.connect(self.icmp_checkbox_toggled)
 
     def set_model(self, model):
         self.__model = model
@@ -51,6 +52,7 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
         self.rulesTreeView.header().setResizeMode(0, QHeaderView.Stretch)
         self.set_allow(model.allow)
         self.dnsCheckBox.setChecked(model.allowDns)
+        self.icmpCheckBox.setChecked(model.allowIcmp)
         self.setWindowTitle(model.get_vm_name() + " firewall")
 
     def set_allow(self, allow):
@@ -63,6 +65,9 @@ class EditFwRulesDlg (QDialog, ui_editfwrulesdlg.Ui_EditFwRulesDlg):
     def dns_checkbox_toggled(self, on):
         self.__model.allowDns = on
 
+    def icmp_checkbox_toggled(self, on):
+        self.__model.allowIcmp = on
+
     def new_rule_button_pressed(self):
         dialog = NewFwRuleDlg()
         self.run_rule_dialog(dialog)
@@ -228,6 +233,7 @@ class QubesFirewallRulesModel(QAbstractItemModel):
 
         self.allow = conf["allow"]
         self.allowDns = conf["allowDns"]
+        self.allowIcmp = conf["allowIcmp"]
 
         for rule in conf["rules"]:
             self.appendChild(QubesFirewallRuleItem(
@@ -240,7 +246,11 @@ class QubesFirewallRulesModel(QAbstractItemModel):
     def apply_rules(self):
         assert self.__vm is not None
 
-        conf = { "allow": self.allow, "allowDns": self.allowDns, "rules": list() }
+        conf = { "allow": self.allow,
+                "allowDns": self.allowDns,
+                "allowIcmp": self.allowIcmp,
+                "rules": list()
+            }
 
         for rule in self.children:
             conf["rules"].append(