From 6cd02b47b3bffdf5ad31c0db6c0b526c3045a7d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?= Date: Fri, 2 Aug 2019 16:34:55 +0200 Subject: [PATCH 1/2] Better handling of port/service names for VM settings Now port will be displayed as port_number [(service name)] , and not just service name. Also added a tooltip with explanation of what can be put in the 'port/service' field, renamed the field to 'Port/service' and added some examples of pure port numbers to the drop down. fixes QubesOS/qubes-issues#5211 --- qubesmanager/firewall.py | 15 +++++++-------- ui/newfwruledlg.ui | 5 ++++- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/qubesmanager/firewall.py b/qubesmanager/firewall.py index 8e2f8f2..e524408 100644 --- a/qubesmanager/firewall.py +++ b/qubesmanager/firewall.py @@ -104,18 +104,17 @@ class NewFwRuleDlg(QtGui.QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg): "192.168.1.100", "192.168.0.0/16", "*" ] - displayed_services = [ - '', + example_services = [ + '', '22', '80', '1024-1234', 'http', 'https', 'ftp', 'ftps', 'smtp', - 'smtps', 'pop3', 'pop3s', 'imap', 'imaps', 'odmr', + 'pop3', 'pop3s', 'imap', 'imaps', 'odmr', 'nntp', 'nntps', 'ssh', 'telnet', 'telnets', 'ntp', 'snmp', 'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client', - 'syslog', 'printer', 'nfs', 'x11', - '1024-1234' + 'syslog', 'printer', 'nfs', 'x11' ] for address in example_addresses: self.addressComboBox.addItem(address) - for service in displayed_services: + for service in example_services: self.serviceComboBox.addItem(service) def address_editing_finished(self): @@ -143,7 +142,7 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel): def __init__(self, parent=None): QtCore.QAbstractItemModel.__init__(self, parent) - self.__column_names = {0: "Address", 1: "Service", 2: "Protocol", } + self.__column_names = {0: "Address", 1: "Port/Service", 2: "Protocol", } self.__services = list() pattern = re.compile( r"(?P[a-z][a-z0-9-]+)\s+(?P[0-9]+)/" @@ -176,7 +175,7 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel): def get_service_name(self, port): for service in self.__services: if str(service[1]) == str(port): - return service[0] + return "{0} ({1})".format(str(port), service[0]) return str(port) def get_service_port(self, name): diff --git a/ui/newfwruledlg.ui b/ui/newfwruledlg.ui index 5de0c49..63c359d 100644 --- a/ui/newfwruledlg.ui +++ b/ui/newfwruledlg.ui @@ -53,7 +53,7 @@ - Service + Port/Service @@ -98,6 +98,9 @@ + + <html><head/><body><p>Port/service can be provided as either port number (e.g. 122), port range (1024-1234) or service name (e.g. smtp) . For full list of services known, see /etc/services in dom0.</p></body></html> + true From 1d7d51eafdcb1cf6ac5781629deffa90f78e7389 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?= Date: Fri, 2 Aug 2019 16:58:30 +0200 Subject: [PATCH 2/2] Fixed parsing port ranges in VM settings Now service names with dash ('-') in them will be parsed correctly and not result in an error. fixes QubesOS/qubes-issues#4766 --- qubesmanager/firewall.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qubesmanager/firewall.py b/qubesmanager/firewall.py index e524408..106b24b 100644 --- a/qubesmanager/firewall.py +++ b/qubesmanager/firewall.py @@ -109,7 +109,7 @@ class NewFwRuleDlg(QtGui.QDialog, ui_newfwruledlg.Ui_NewFwRuleDlg): 'http', 'https', 'ftp', 'ftps', 'smtp', 'pop3', 'pop3s', 'imap', 'imaps', 'odmr', 'nntp', 'nntps', 'ssh', 'telnet', 'telnets', 'ntp', - 'snmp', 'ldap', 'ldaps', 'irc', 'ircs', 'xmpp-client', + 'snmp', 'ldap', 'ldaps', 'irc', 'ircs-u', 'xmpp-client', 'syslog', 'printer', 'nfs', 'x11' ] for address in example_addresses: @@ -144,6 +144,9 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel): self.__column_names = {0: "Address", 1: "Port/Service", 2: "Protocol", } self.__services = list() + + self.port_range_pattern = re.compile(r'\d+-\d+') + pattern = re.compile( r"(?P[a-z][a-z0-9-]+)\s+(?P[0-9]+)/" r"(?P[a-z]+)", @@ -380,7 +383,7 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel): elif dialog.udp_radio.isChecked(): rule.proto = 'udp' - if '-' in service: + if self.port_range_pattern.fullmatch(service): try: rule.dstports = service except ValueError: