Use firewal rules in Python data structure

qubesmanager/firewall.py

@@ -149,61 +149,40 @@ class QubesFirewallRulesModel(QAbstractItemModel):
 
         self.clearChildren()
 
-        root = vm.get_firewall_conf()
+        conf = vm.get_firewall_conf()
-        for element in root:
+        for rule in conf["rules"]:
-            try:
+            self.appendChild(QubesFirewallRuleItem(
-                kwargs = { "allow": element.tag=="allow" }
+                rule["name"], rule["allow"], rule["address"],
-                attr_list = ("name", "address", "netmask", "port", "toport")
+                rule["netmask"], rule["portBegin"], rule["portEnd"]
-
+                ))
-                for attribute in attr_list:
-                    kwargs[attribute] = element.get(attribute)
-
-                kwargs["netmask"] = int(kwargs["netmask"])
-                kwargs["portBegin"] = int(kwargs["port"])
-                if kwargs["toport"] is not None:
-                    kwargs["portEnd"] = int(kwargs["toport"])
-                del(kwargs["port"])
-                del(kwargs["toport"])
-
-                self.appendChild(QubesFirewallRuleItem(**kwargs))
-
-            except (ValueError, LookupError) as err:
-                print "{0}: load error: {1}".format(
-                        os.path.basename(sys.argv[0]), err)
-                return False
-
-        return True
 
     def apply_rules(self):
         assert self.__vm is not None
 
-        root = xml.etree.ElementTree.Element(
+        conf = { "allow": True, "rules": list() }
-                "QubesFirwallRules",
-                policy="allow"
-        )
 
         for rule in self.children:
-            element = xml.etree.ElementTree.Element(
+            conf["rules"].append(
-                    "allow" if rule.allow else "deny",
+                    {
-                    name=rule.name,
+                        "allow": rule.allow,
-                    address=rule.address,
+                        "name": rule.name,
-                    netmask=str(rule.netmask),
+                        "address": rule.address,
-                    port=str(rule.portBegin),
+                        "netmask": rule.netmask,
+                        "portBegin": rule.portBegin,
+                        "portEnd": rule.portEnd
+                    }
             )
-            if rule.portEnd is not None:
-                element.set("toport", str(rule.portEnd)) 
-            root.append(element)
 
-        tree = xml.etree.ElementTree.ElementTree(root)
+        self.__vm.write_firewall_conf(conf)
 
-        try:
+        qvm_collection = QubesVmCollection()
-            self.__vm.write_firewall_conf(tree)
+        qvm_collection.lock_db_for_reading()
-        except EnvironmentError as err:
+        qvm_collection.load()
-            print "{0}: save error: {1}".format(
+        qvm_collection.unlock_db()
-                    os.path.basename(sys.argv[0]), err)
-            return False
 
-        return True
+        for vm in qvm_collection.values():
+            if vm.is_fwvm():
+                vm.write_iptables_xenstore_entry()
 
     def index(self, row, column, parent=QModelIndex()):
         if not self.hasIndex(row, column, parent):