
Commit 12baf1a

ui,fw: fixed restoring policies when disabling fw
When disabling the fw, we change the default input and output policy to Accept, not to block connections. Due to a problem reloading the fw in the daemon, the policy was not changed as expected. This problem must be fixed in the daemon, but for the time being, sending two configuration changes solves the issue (one for changing the policy, and another one for disabling the fw). Closes: #1225 (cherry picked from commit d825f1e)
1 parent 99cd9f1 commit 12baf1a


1 file changed

+41
-22
lines changed


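--- a/ui/opensnitch/dialogs/firewall.py
+++ b/ui/opensnitch/dialogs/firewall.py
@@ -304,33 +304,52 @@ def change_fw(self, addr, node_cfg):
 return False
 
 def enable_fw(self, enable):
-self._disable_widgets(not enable)
-if enable:
-self._set_status_message(QC.translate("firewall", "Enabling firewall..."))
-else:
-self._set_status_message(QC.translate("firewall", "Disabling firewall..."))
+try:
+self._disable_widgets(not enable)
+if enable:
+self._set_status_message(QC.translate("firewall", "Enabling firewall..."))
+else:
+self._set_status_message(QC.translate("firewall", "Disabling firewall..."))
+
+# if previous input policy was DROP, when disabling the firewall it
+# must be ACCEPT to allow output traffic.
+if not enable and self.comboInput.currentIndex() == self.POLICY_DROP:
+self.comboInput.blockSignals(True)
+self.comboInput.setCurrentIndex(self.POLICY_ACCEPT)
+self.comboInput.blockSignals(False)
+for addr in self._nodes.get():
+json_profile = json.dumps(FwProfiles.ProfileAcceptInput.value)
+ok, err = self._fw.apply_profile(addr, json_profile)
+if not ok:
+self._set_status_error(
+QC.translate("firewall", "Error applying INPUT ACCEPT profile: {0}".format(err))
+)
+return
 
-# if previous input policy was DROP, when disabling the firewall it
-# must be ACCEPT to allow output traffic.
-if not enable and self.comboInput.currentIndex() == self.POLICY_DROP:
-self.comboInput.blockSignals(True)
-self.comboInput.setCurrentIndex(self.POLICY_ACCEPT)
-self.comboInput.blockSignals(False)
 for addr in self._nodes.get():
-json_profile = json.dumps(FwProfiles.ProfileAcceptInput.value)
-ok, err = self._fw.apply_profile(addr, json_profile)
-if not ok:
-print("[firewall] Error applying INPUT ACCEPT profile: {0}".format(err))
+# FIXME:
+# Due to how the daemon reacts to events when the fw configuration
+# is modified, changing the policy + disabling the fw doesn't work
+# as expected.
+# The daemon detects that the fw is disabled, and it never changes
+# the policy.
+# As a workaround to this problem, we send 2 fw changes:
+# - one for changing the policy
+# - another one for disabling the fw
 
-for addr in self._nodes.get():
-fwcfg = self._nodes.get_node(addr)['firewall']
-fwcfg.Enabled = True if enable else False
-self.send_notification(addr, fwcfg)
+fwcfg = self._nodes.get_node(addr)['firewall']
+self.send_notification(addr, fwcfg)
+time.sleep(0.5)
+fwcfg.Enabled = True if enable else False
+self.send_notification(addr, fwcfg)
+
+self.lblStatusIcon.setEnabled(enable)
+self.policiesBox.setEnabled(enable)
 
-self.lblStatusIcon.setEnabled(enable)
-self.policiesBox.setEnabled(enable)
+time.sleep(0.5)
 
-time.sleep(0.5)
+except Exception as e:
+QC.translate("firewall", "Error: {0}".format(e))
 
 def load_rule(self, addr, uuid):
 self._fwrule_dialog.load(addr, uuid)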
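Review bot: The `except Exception as e:` handler added at the end of `enable_fw` evaluates `QC.translate("firewall", "Error: {0}".format(e))` and throws the result away, so a failure while enabling or disabling the firewall produces no status message and no log entry. The operator then cannot tell whether the policy or enabled state was actually changed on the nodes; report it the way the profile error above does, `self._set_status_error(QC.translate("firewall", "Error: {0}").format(e))`. Applying `.format()` after `translate()` there, and in the "Error applying INPUT ACCEPT profile" message, keeps the source string constant so a translation can match. The early `return` after a failed `apply_profile` also appears to leave the input combo already set to ACCEPT and any earlier nodes with the accept profile applied while the firewall stays enabled, which is worth confirming as acceptable.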
