Skip to content

Commit

Permalink
ui,fw: fixed restoring policies when disabling fw
Browse files Browse the repository at this point in the history 
When disabling the fw, we change the default input and output policy to
Accept, not to block connections.

Due to a problem reloading the fw in the daemon, the policy was not
changed as expected.

This problem must be fixed in the daemon, but for the time being,
sending two configuration changes solves the issue (one for changing the
policy, and another one for disabling the fw).

Closes: #1225
(cherry picked from commit d825f1e)
  • Loading branch information
@gustavo-iniguez-goya
gustavo-iniguez-goya committed Dec 16, 2024
1 parent 99cd9f1 commit 12baf1a
Showing 1 changed file with 41 additions and 22 deletions.
63 changes: 41 additions & 22 deletions ui/opensnitch/dialogs/firewall.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -304,33 +304,52 @@ def change_fw(self, addr, node_cfg):
return False

def enable_fw(self, enable):
self._disable_widgets(not enable)
if enable:
self._set_status_message(QC.translate("firewall", "Enabling firewall..."))
else:
self._set_status_message(QC.translate("firewall", "Disabling firewall..."))
try:
self._disable_widgets(not enable)
if enable:
self._set_status_message(QC.translate("firewall", "Enabling firewall..."))
else:
self._set_status_message(QC.translate("firewall", "Disabling firewall..."))

# if previous input policy was DROP, when disabling the firewall it
# must be ACCEPT to allow output traffic.
if not enable and self.comboInput.currentIndex() == self.POLICY_DROP:
self.comboInput.blockSignals(True)
self.comboInput.setCurrentIndex(self.POLICY_ACCEPT)
self.comboInput.blockSignals(False)
for addr in self._nodes.get():
json_profile = json.dumps(FwProfiles.ProfileAcceptInput.value)
ok, err = self._fw.apply_profile(addr, json_profile)
if not ok:
self._set_status_error(
QC.translate("firewall", "Error applying INPUT ACCEPT profile: {0}".format(err))
)
return

# if previous input policy was DROP, when disabling the firewall it
# must be ACCEPT to allow output traffic.
if not enable and self.comboInput.currentIndex() == self.POLICY_DROP:
self.comboInput.blockSignals(True)
self.comboInput.setCurrentIndex(self.POLICY_ACCEPT)
self.comboInput.blockSignals(False)
for addr in self._nodes.get():
json_profile = json.dumps(FwProfiles.ProfileAcceptInput.value)
ok, err = self._fw.apply_profile(addr, json_profile)
if not ok:
print("[firewall] Error applying INPUT ACCEPT profile: {0}".format(err))
# FIXME:
# Due to how the daemon reacts to events when the fw configuration
# is modified, changing the policy + disabling the fw doesn't work
# as expected.
# The daemon detects that the fw is disabled, and it never changes
# the policy.
# As a workaround to this problem, we send 2 fw changes:
# - one for changing the policy
# - another one for disabling the fw

for addr in self._nodes.get():
fwcfg = self._nodes.get_node(addr)['firewall']
fwcfg.Enabled = True if enable else False
self.send_notification(addr, fwcfg)
fwcfg = self._nodes.get_node(addr)['firewall']
self.send_notification(addr, fwcfg)
time.sleep(0.5)
fwcfg.Enabled = True if enable else False
self.send_notification(addr, fwcfg)

self.lblStatusIcon.setEnabled(enable)
self.policiesBox.setEnabled(enable)

self.lblStatusIcon.setEnabled(enable)
self.policiesBox.setEnabled(enable)
time.sleep(0.5)

time.sleep(0.5)
except Exception as e:
QC.translate("firewall", "Error: {0}".format(e))

def load_rule(self, addr, uuid):
self._fwrule_dialog.load(addr, uuid)
Expand Down

0 comments on commit 12baf1a

Please sign in to comment.