Mailinglist Archive: opensuse-commit (1426 mails)

commit yast2-firewall
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Sat, 03 Mar 2007 14:31:53 +0100
  • Message-id: <20070303133154.362B8678180@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package yast2-firewall
checked in at Sat Mar 3 14:31:53 CET 2007.

--------
--- yast2-firewall/yast2-firewall.changes 2007-02-22 17:35:15.000000000 +0100
+++ /mounts/work_src_done/NOARCH/yast2-firewall/yast2-firewall.changes 2007-03-02 13:38:15.000000000 +0100
@@ -1,0 +2,24 @@
+Fri Mar 2 13:37:56 CET 2007 - locilka@xxxxxxx
+
+- Adding forgotten handling of `cancel in the Summary dialog
+ (bugzilla #249777).
+- 2.15.3
+
+-------------------------------------------------------------------
+Wed Feb 28 15:31:25 CET 2007 - locilka@xxxxxxx
+
+- Check and install SuSEfirewall2 package when reading the
+ configuration. Supported in yast2-2.15.15 and later (#245506).
+- Disabling possibility to configure firewall in Installation in
+ Network proposal when SuSEfirewall2 package is not installed.
+
+-------------------------------------------------------------------
+Tue Feb 27 14:28:21 CET 2007 - locilka@xxxxxxx
+
+- Added support for Firewall Custom Rules (FATE #120042,
+ FATE #100068). Supported settings are: Source Network, Source
+ Port, Protocol, and Destination Port.
+- Added new testsuite.
+- 2.15.2
+
+-------------------------------------------------------------------

Old:
----
yast2-firewall-2.15.1.tar.bz2

New:
----
yast2-firewall-2.15.3.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.m28949/_old 2007-03-03 14:31:11.000000000 +0100
+++ /var/tmp/diff_new_pack.m28949/_new 2007-03-03 14:31:11.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-firewall (Version 2.15.1)
+# spec file for package yast2-firewall (Version 2.15.3)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,15 +11,17 @@
# norootforbuild

Name: yast2-firewall
-Version: 2.15.1
+Version: 2.15.3
Release: 1
License: GNU General Public License (GPL)
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-firewall-2.15.1.tar.bz2
+Source0: yast2-firewall-2.15.3.tar.bz2
prefix: /usr
BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite
-Requires: yast2 >= 2.13.70
+# SuSEFirewallExpertRules::DeleteRuleID()
+# SuSEFirewall::SuSEFirewallIsInstalled()
+Requires: yast2 >= 2.15.15
Provides: yast2-config-firewall
Obsoletes: yast2-config-firewall
Provides: yast2-trans-firewall
@@ -39,7 +41,7 @@
Lukas Ocilka <locilka@xxxxxxx>

%prep
-%setup -n yast2-firewall-2.15.1
+%setup -n yast2-firewall-2.15.3

%build
%{prefix}/bin/y2tool y2autoconf
@@ -73,6 +75,21 @@
%doc %{prefix}/share/doc/packages/yast2-firewall

%changelog
+* Fri Mar 02 2007 - locilka@xxxxxxx
+- Adding forgotten handling of `cancel in the Summary dialog
+ (bugzilla #249777).
+- 2.15.3
+* Wed Feb 28 2007 - locilka@xxxxxxx
+- Check and install SuSEfirewall2 package when reading the
+ configuration. Supported in yast2-2.15.15 and later (#245506).
+- Disabling possibility to configure firewall in Installation in
+ Network proposal when SuSEfirewall2 package is not installed.
+* Tue Feb 27 2007 - locilka@xxxxxxx
+- Added support for Firewall Custom Rules (FATE #120042,
+ FATE #100068). Supported settings are: Source Network, Source
+ Port, Protocol, and Destination Port.
+- Added new testsuite.
+- 2.15.2
* Thu Feb 22 2007 - locilka@xxxxxxx
- Fixed and unified icons in dialogs.
- 2.15.1

++++++ yast2-firewall-2.15.1.tar.bz2 -> yast2-firewall-2.15.3.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/configure new/yast2-firewall-2.15.3/configure
--- old/yast2-firewall-2.15.1/configure 2007-02-22 17:35:48.000000000 +0100
+++ new/yast2-firewall-2.15.3/configure 2007-02-27 12:46:33.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.60 for yast2-firewall 2.15.0.
+# Generated by GNU Autoconf 2.60 for yast2-firewall 2.15.1.
#
# Report bugs to <http://bugs.opensuse.org/>.
#
@@ -559,8 +559,8 @@
# Identity of this package.
PACKAGE_NAME='yast2-firewall'
PACKAGE_TARNAME='yast2-firewall'
-PACKAGE_VERSION='2.15.0'
-PACKAGE_STRING='yast2-firewall 2.15.0'
+PACKAGE_VERSION='2.15.1'
+PACKAGE_STRING='yast2-firewall 2.15.1'
PACKAGE_BUGREPORT='http://bugs.opensuse.org/'

ac_unique_file="RPMNAME"
@@ -1181,7 +1181,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures yast2-firewall 2.15.0 to adapt to many kinds of systems.
+\`configure' configures yast2-firewall 2.15.1 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

@@ -1252,7 +1252,7 @@

if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of yast2-firewall 2.15.0:";;
+ short | recursive ) echo "Configuration of yast2-firewall 2.15.1:";;
esac
cat <<\_ACEOF

@@ -1330,7 +1330,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-yast2-firewall configure 2.15.0
+yast2-firewall configure 2.15.1
generated by GNU Autoconf 2.60

Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1344,7 +1344,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

-It was created by yast2-firewall $as_me 2.15.0, which was
+It was created by yast2-firewall $as_me 2.15.1, which was
generated by GNU Autoconf 2.60. Invocation command line was

$ $0 $@
@@ -2145,7 +2145,7 @@

# Define the identity of the package.
PACKAGE='yast2-firewall'
- VERSION='2.15.0'
+ VERSION='2.15.1'


cat >>confdefs.h <<_ACEOF
@@ -2372,7 +2372,7 @@



-VERSION="2.15.0"
+VERSION="2.15.1"
RPMNAME="yast2-firewall"
MAINTAINER="Lukas Ocilka <locilka@xxxxxxx>"

@@ -3258,7 +3258,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by yast2-firewall $as_me 2.15.0, which was
+This file was extended by yast2-firewall $as_me 2.15.1, which was
generated by GNU Autoconf 2.60. Invocation command line was

CONFIG_FILES = $CONFIG_FILES
@@ -3301,7 +3301,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-yast2-firewall config.status 2.15.0
+yast2-firewall config.status 2.15.1
configured by $0, generated by GNU Autoconf 2.60,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/configure.in new/yast2-firewall-2.15.3/configure.in
--- old/yast2-firewall-2.15.1/configure.in 2007-02-22 17:35:43.000000000 +0100
+++ new/yast2-firewall-2.15.3/configure.in 2007-02-27 12:46:28.000000000 +0100
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.14.0 - DO NOT EDIT! --
dnl (edit configure.in.in instead)

-AC_INIT(yast2-firewall, 2.15.0, http://bugs.opensuse.org/, yast2-firewall)
+AC_INIT(yast2-firewall, 2.15.1, http://bugs.opensuse.org/, yast2-firewall)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])

@@ -17,7 +17,7 @@
AM_INIT_AUTOMAKE(tar-ustar) dnl searches for some needed programs

dnl Important YaST2 variables
-VERSION="2.15.0"
+VERSION="2.15.1"
RPMNAME="yast2-firewall"
MAINTAINER="Lukas Ocilka <locilka@xxxxxxx>"

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/complex.ycp new/yast2-firewall-2.15.3/src/complex.ycp
--- old/yast2-firewall-2.15.1/src/complex.ycp 2006-10-09 17:16:04.000000000 +0200
+++ new/yast2-firewall-2.15.3/src/complex.ycp 2007-02-28 15:33:33.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Complex dialogs definitions
* Authors: Michal Svec <msvec@xxxxxxx>
*
- * $Id: complex.ycp 33291 2006-10-09 15:15:59Z locilka $
+ * $Id: complex.ycp 36581 2007-02-28 14:33:32Z locilka $
*/

{
@@ -15,6 +15,8 @@
import "SuSEFirewall";
import "Wizard";
import "Confirm";
+ import "Report";
+ import "Message";

include "firewall/helps.ycp";

@@ -33,6 +35,10 @@

// reading firewall settings
boolean ret = SuSEFirewall::Read();
+ if (!ret) {
+ Report::Error(Message::CannotContinueWithoutPackagesInstalled());
+ return `abort;
+ }

// testing for other firewall running
if (SuSEFirewall::IsOtherFirewallRunning()) {
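Review bot: The new `if (!ret)` branch after `SuSEFirewall::Read()` reports every read failure with `Message::CannotContinueWithoutPackagesInstalled()`, so a failure for any other reason would be shown to the user as a missing package. If Read() can fail for other reasons, check `SuSEFirewall::SuSEFirewallIsInstalled()` (which the spec comment says this version now depends on) before choosing the message, and log the failure with `y2error` so the abort is traceable in the YaST log.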
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/dialogs.ycp new/yast2-firewall-2.15.3/src/dialogs.ycp
--- old/yast2-firewall-2.15.1/src/dialogs.ycp 2007-02-22 17:35:24.000000000 +0100
+++ new/yast2-firewall-2.15.3/src/dialogs.ycp 2007-03-02 13:38:26.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Configuration dialogs and workflow
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: dialogs.ycp 36416 2007-02-22 16:35:23Z locilka $
+ * $Id: dialogs.ycp 36654 2007-03-02 12:38:24Z locilka $
*
* Configuration dialogs and workflow.
* Both Expert and Simple.
@@ -133,6 +133,14 @@
//"store" : NoStoreNeeded,
"help" : HelpForDialog("masquerade-redirect-table"),
],
+ "CustomRules" : $[
+ "widget" : `custom,
+ "custom_widget" : `VBox(),
+ "init" : InitCustomRules,
+ "handle" : HandleCustomRules,
+ // "store" : NoStoreNeeded,
+ "help" : HelpForDialog("custom-rules"),
+ ]
];

// TRANSLATORS: Part of dialog caption
@@ -222,6 +230,16 @@
"tree_item_label" : _("Logging Level"),
"widget_names" : [ "DisableBackButton", "LoggingLevel" ]
],
+ "custom_rules" : $[
+ "contents" : `VBox (
+ CustomFirewallRules()
+ ),
+ // TRANSLATORS: part of dialog caption
+ "caption" : firewall_caption + ": " + _("Custom Rules"),
+ // TRANSLATORS: tree menu item
+ "tree_item_label" : _("Custom Rules"),
+ "widget_names" : [ "DisableBackButton", "CustomRules" ]
+ ]
];

map<symbol,any> functions = $[
@@ -230,7 +248,7 @@

symbol RunFirewallDialogs () {
list<string> simple_dialogs = [ "start_up", "interfaces", "allowed_services",
- "masquerading", "broadcast_simple", "ipsec_support", "logging_level" ];
+ "masquerading", "broadcast_simple", "ipsec_support", "logging_level", "custom_rules" ];

return DialogTree::ShowAndRun ($[
"ids_order" : simple_dialogs,
@@ -266,7 +284,12 @@

if (ret == `back || ret == `next) break;

- if (ret == `abort && AbortDialog() == true) break;
+ // bugzilla #249777, `cancel == [x] (Closing YaST UI).
+ if ((ret == `abort || ret == `cancel) && AbortDialog() == true) {
+ // ret is evaluated by the dialog sequencer
+ ret = `abort;
+ break;
+ }
}

return ret;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/firewall_proposal.ycp new/yast2-firewall-2.15.3/src/firewall_proposal.ycp
--- old/yast2-firewall-2.15.1/src/firewall_proposal.ycp 2006-12-04 16:42:41.000000000 +0100
+++ new/yast2-firewall-2.15.3/src/firewall_proposal.ycp 2007-02-28 17:15:18.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Firewall configuration proposal
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: firewall_proposal.ycp 34735 2006-12-04 15:42:36Z locilka $
+ * $Id: firewall_proposal.ycp 36585 2007-02-28 15:47:34Z locilka $
*/

{
@@ -21,6 +21,7 @@
import "Popup";
import "Progress";
import "ProductFeatures";
+import "Report";

include "firewall/helps.ycp";

@@ -30,11 +31,21 @@
// run this only once
if (!SuSEFirewallProposal::GetProposalInitialized()) {

- // variables from control file
- y2milestone("Default firewall values: enable_firewall=%1, enable_ssh=%2",
- ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"), ProductFeatures::GetBooleanFeature ("globals", "firewall_enable_ssh"));
- SuSEFirewall::SetEnableService(ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
- SuSEFirewall::SetStartService (ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
+ // Package must be installed
+ if (SuSEFirewall::SuSEFirewallIsInstalled()) {
+ // variables from control file
+ y2milestone("Default firewall values: enable_firewall=%1, enable_ssh=%2",
+ ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"), ProductFeatures::GetBooleanFeature ("globals", "firewall_enable_ssh"));
+ SuSEFirewall::SetEnableService(ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
+ SuSEFirewall::SetStartService (ProductFeatures::GetBooleanFeature ("globals", "enable_firewall"));
+ // Package is missing
+ } else {
+ // variables from control file
+ y2milestone("Default firewall values: enable_firewall=%1, enable_ssh=%2",
+ false, false);
+ SuSEFirewall::SetEnableService(false);
+ SuSEFirewall::SetStartService (false);
+ }


SuSEFirewallProposal::SetProposalInitialized(true);
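Review bot: In the `else` branch for the missing package, the comment `// variables from control file` and the milestone text `Default firewall values: enable_firewall=%1, enable_ssh=%2` are copied from the installed case, but the values logged are the hard-coded `false, false` and nothing is read from the control file. This path leaves the firewall disabled in the proposal, so the log line should say that explicitly, for example that SuSEfirewall2 is not installed and the service is therefore not enabled. Otherwise the installation log reads as if the product default had been `false`.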
@@ -87,8 +98,15 @@
* one of these actions is called
*/

+ // Package SuSEfirewall2 is not installed
+ if (! SuSEFirewall::SuSEFirewallIsInstalled()) {
+ // TRANSLATORS: message popup
+ Report::Message (_("Firewall configuration cannot be changed.
+SuSEfirewall2 package is not installed."));
+ ret = $[ "workflow_sequence" : `next ];
+
// Enable firewall
- if (chosen_id == "firewall--enable_firewall_in_proposal") {
+ } else if (chosen_id == "firewall--enable_firewall_in_proposal") {
y2milestone("Firewall enabled by a single-click");
SuSEFirewall::SetEnableService(true);
SuSEFirewall::SetStartService(true);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/generalfunctions.ycp new/yast2-firewall-2.15.3/src/generalfunctions.ycp
--- old/yast2-firewall-2.15.1/src/generalfunctions.ycp 2006-10-09 15:55:37.000000000 +0200
+++ new/yast2-firewall-2.15.3/src/generalfunctions.ycp 2007-02-27 14:30:52.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: General Handling Functions
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: generalfunctions.ycp 20777 2005-01-17 12:31:36Z locilka $
+ * $Id: generalfunctions.ycp 36538 2007-02-27 13:30:50Z locilka $
*/
{
textdomain "firewall";
@@ -46,7 +46,7 @@
y2error("Port name/number must be defined");
return nil;
}
- // if port is a port number, find port number
+ // if port is a port name, find port number
if (regexpmatch(port_to_be_checked, "^[0123456789]+$")) {
list <string> port_aliases = PortAliases::GetListOfServiceAliases(port_to_be_checked);
// clear port name
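Review bot: The reworded comment now says `if port is a port name, find port number`, but the condition directly below it, `regexpmatch(port_to_be_checked, "^[0123456789]+$")`, is true only when the value consists of digits, that is, a port number. The comment should describe this branch as the port-number case (looking up the service aliases for a number); as written it contradicts the code it sits on.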
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/helps.ycp new/yast2-firewall-2.15.3/src/helps.ycp
--- old/yast2-firewall-2.15.1/src/helps.ycp 2006-12-04 16:42:41.000000000 +0100
+++ new/yast2-firewall-2.15.3/src/helps.ycp 2007-02-27 14:30:52.000000000 +0100
@@ -6,7 +6,7 @@
* Summary: Firewall dialogs helps
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: helps.ycp 34735 2006-12-04 15:42:36Z locilka $
+ * $Id: helps.ycp 36538 2007-02-27 13:30:50Z locilka $
*
* File includes helps for yast2-firewall dialogs.
*/
@@ -184,6 +184,57 @@
"installation_proposal" : _("<p><b><big>Firewall</big></b><br />
Firewall is a defensive mechanism that protects your computer from network attacks.</p>"),

+ // TRANSLATORS: general help for Custom Rules 1/5
+ "custom-rules" : _("<p><b><big>Custom Rules</big></b><br>
+Here yoy can set special firewall rules that allow new connections
+matching these rules.<p>") +
+
+ // TRANSLATORS: general help for Custom Rules 2/5
+ _("<p><b>Source Network</b><br>
+Network or IP where the connection comes from,
+e.g., <tt>192.168.0.1</tt> or <tt>192.168.0.0/255.255.255.0</tt>
+or <tt>192.168.0.0/24</tt> or <tt>0/0</tt> (which means <tt>all</tt>).<p>") +
+
+ // TRANSLATORS: general help for Custom Rules 3/5
+ _("<p><b>Protocol</b><br>
+Protocol used by that packet. Special protocol <tt>RPC</tt> is used for
+RPC services.<p>") +
+
+ // TRANSLATORS: general help for Custom Rules 4/5
+ _("<p><b>Destination Port</b><br>
+Port name, port number or range of ports that are allowed to be
+accessed, e.g., <tt>smtp</tt> or <tt>25</tt> or <tt>100:110</tt>.
+In case of <tt>RPC</tt> protocol, use the RPC service name.
+This entry is optional.<p>") +
+
+ // TRANSLATORS: general help for Custom Rules 5/5
+ _("<p><b>Source Port</b><br>
+Port name, port number or range of ports where the packet
+originates from. This entry is optional.<p>"),
+
+ // TRANSLATORS: help for Custom Rules - Adding new rule 1/4
+ "custom-rules-popup" : _("<p><b>Source Network</b><br>
+Network or IP where the connection comes from,
+e.g., <tt>192.168.0.1</tt> or <tt>192.168.0.0/255.255.255.0</tt>
+or <tt>192.168.0.0/24</tt> or <tt>0/0</tt> (which means <tt>all</tt>).<p>") +
+
+ // TRANSLATORS: help for Custom Rules - Adding new rule 2/4
+ _("<p><b>Protocol</b><br>
+Protocol used by that packet. Special protocol <tt>RPC</tt> is used for
+RPC services.<p>") +
+
+ // TRANSLATORS: help for Custom Rules - Adding new rule 3/4
+ _("<p><b>Destination Port</b><br>
+Port name, port number or range of ports that are allowed to be
+accessed, e.g., <tt>smtp</tt> or <tt>25</tt> or <tt>100:110</tt>.
+In case of <tt>RPC</tt> protocol, use the RPC service name.
+This entry is optional.<p>") +
+
+ // TRANSLATORS: help for Custom Rules - Adding new rule 4/4
+ _("<p><b>Source Port</b><br>
+Port name, port number or range of ports where the packet
+originates from. This entry is optional.<p>"),
+
];

string HelpForDialog (string identification) {
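Review bot: The first added help string has a typo in translatable text, `Here yoy can set special firewall rules`; fix it to "you" before translators pick the string up. Every added paragraph also ends with `<p>` instead of `</p>`, unlike the existing `installation_proposal` entry just above, which closes with `</p>`. The Source Network, Protocol, Destination Port and Source Port paragraphs are duplicated verbatim between `custom-rules` and `custom-rules-popup`; building both entries from shared strings would keep them in sync and halve the translation work.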
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/subdialogs.ycp new/yast2-firewall-2.15.3/src/subdialogs.ycp
--- old/yast2-firewall-2.15.1/src/subdialogs.ycp 2006-10-09 17:16:04.000000000 +0200
+++ new/yast2-firewall-2.15.3/src/subdialogs.ycp 2007-02-27 14:30:52.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Configuration screens
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: subdialogs.ycp 33291 2006-10-09 15:15:59Z locilka $
+ * $Id: subdialogs.ycp 36538 2007-02-27 13:30:50Z locilka $
*
* Configuration dialogs divided into smaller logic groups.
* Both Expert and Simple.
@@ -77,7 +77,8 @@
// TRANSLATORS: push button
`PushButton(`id("change_firewall_interface"), _("&Change...")),
// TRANSLATORS: push button
- `PushButton(`id("user_defined_firewall_interface"), _("C&ustom..."))
+ `PushButton(`id("user_defined_firewall_interface"), _("C&ustom...")),
+ `HStretch ()
)
)
);
@@ -281,11 +282,10 @@
_("Source Port")
), []
),
- `VSquash (
- `HBox (
- `PushButton(`id("add_redirect_to_masquerade"), Label::AddButton()),
- `PushButton(`id("remove_redirect_to_masquerade"), Label::RemoveButton())
- )
+ `HBox (
+ `PushButton(`id("add_redirect_to_masquerade"), Label::AddButton()),
+ `PushButton(`id("remove_redirect_to_masquerade"), Label::RemoveButton()),
+ `HStretch()
)
)
);
@@ -426,11 +426,10 @@
_("Redir. to Port")
), []
),
- `VSquash (
- `HBox (
- `PushButton(`id("add_redirect_to_masquerade"), Label::AddButton()),
- `PushButton(`id("remove_redirect_to_masquerade"), Label::RemoveButton())
- )
+ `HBox (
+ `PushButton(`id("add_redirect_to_masquerade"), Label::AddButton()),
+ `PushButton(`id("remove_redirect_to_masquerade"), Label::RemoveButton()),
+ `HStretch()
)
)
);
@@ -807,7 +806,7 @@
*/

/**
- * Only for Exper configuration
+ * Only for Expert configuration
*
* term AdvancedSecuritySettings () {
* term dialog = `Frame (
@@ -885,71 +884,62 @@
* }
*/

-/**
- * Only for Expert configuration
- *
- * term CustomFirewallRules () {
- * term dialog = `Frame (
- * _("Custom Allowed Rules"),
- * `VBox (
- * `Table (
- * `header (
- * _("Source Network"),
- * _("Protocol"),
- * _("Port")
- * ),
- * // FIXME: fake items
- * [
- * `item(`id("1"), "189.12.35.0/24", "tcp", "ssh"),
- * `item(`id("2"), "147.25.136.9", "tcp", "ssh"),
- * `item(`id("3"), "145.8.0.0/20", "tcp", "domain"),
- * `item(`id("3"), "145.8.0.0/20", "udp", "domain")
- * ]
- * ),
- * `VSquash (
- * `HBox (
- * `PushButton(`id("add_custom_rule"), Label::AddButton()),
- * `PushButton(`id("remove_custom_rule"), Label::RemoveButton())
- * )
- * )
- * )
- * );
- *
- * return dialog;
- * }
- */
+ term CustomFirewallRules () {
+ term dialog = `Frame (
+ _("Custom Allowed Rules"),
+ `VBox (
+ `Left (`ComboBox (`id("custom_rules_firewall_zone"), `opt(`notify),
+ // TRANSLATORS: combo box
+ _("Firewall &Zone"), GetZonesListedItems() )
+ ),

-/**
- * Only for Expert configuration
- *
- * term AddCustomFirewallRule () {
- * term dialog = `Frame (
- * _("Add New Allowing Rule"),
- * `VBox (
- * `HBox (
- * `TextEntry(`id("add_source_network"), _("Source Network")),
- * `HSquash (
- * `ComboBox (`id("add_protocol"), _("Protocol"), [
- * `item( `id("tcp"), "tcp"),
- * `item( `id("udp"), "udp"),
- * `item( `id("icmp"), "icmp"),
- * ])
- * ),
- * `HSquash (
- * `TextEntry (`id("add_destination_port"), _("Port"))
- * )
- * ),
- * `VSpacing(1),
- * `HBox (
- * `PushButton(`id("ok"), Label::AddButton()),
- * `PushButton(`id("cancel"), Label::CancelButton())
- * )
- * )
- * );
- *
- * return dialog;
- * }
- */
+ `VSpacing ( 1 ),
+
+ `Table (
+ `id ("custom_rules_table"),
+ `header (
+ _("Source Network"),
+ _("Protocol"),
+ _("Destination Port"),
+ _("Source Port")
+ ),
+ []
+ ),
+ `HBox (
+ `PushButton(`id("add_custom_rule"), Label::AddButton()),
+ `PushButton(`id("remove_custom_rule"), Label::RemoveButton()),
+ `HStretch ()
+ )
+ )
+ );
+
+ return dialog;
+ }
+
+ term AddCustomFirewallRule () {
+ return `VBox (
+ `Frame (
+ _("Add New Allowing Rule"),
+ `VBox (
+ `TextEntry(`id("add_source_network"), _("Source &Network")),
+ `Left (`ComboBox (`id("add_protocol"), _("&Protocol"), [
+ `item( `id("tcp"), SuSEFirewall::GetProtocolTranslatedName("tcp")),
+ `item( `id("udp"), SuSEFirewall::GetProtocolTranslatedName("udp")),
+ `item( `id("_rpc_"), SuSEFirewall::GetProtocolTranslatedName("_rpc_")),
+ ])),
+ `TextEntry (`id("add_destination_port"), _("&Destination Port (Optional)")),
+ `TextEntry (`id("add_source_port"), _("&Source Port (Optional)"))
+ )
+ ),
+
+ `VSpacing(1),
+
+ `HBox (
+ `PushButton(`id("ok"), Label::AddButton()),
+ `PushButton(`id("cancel"), Label::CancelButton())
+ )
+ );
+ }

// local helper function for Summary
string HTMLWrong (string emphasize_string) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/src/uifunctions.ycp new/yast2-firewall-2.15.3/src/uifunctions.ycp
--- old/yast2-firewall-2.15.1/src/uifunctions.ycp 2007-02-22 17:35:24.000000000 +0100
+++ new/yast2-firewall-2.15.3/src/uifunctions.ycp 2007-02-27 14:58:06.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Configuration dialogs handling functions
* Authors: Lukas Ocilka <locilka@xxxxxxx>
*
- * $Id: uifunctions.ycp 36416 2007-02-22 16:35:23Z locilka $
+ * $Id: uifunctions.ycp 36543 2007-02-27 13:58:04Z locilka $
*
* Configuration dialogs handling.
* Both Expert and Simple.
@@ -15,6 +15,7 @@
import "Confirm";
import "SuSEFirewall";
import "SuSEFirewallServices";
+ import "SuSEFirewallExpertRules";
import "PortAliases";
import "Popup";
import "Address";
@@ -22,6 +23,8 @@
import "Report";
import "Label";
import "Mode";
+ import "IP";
+ import "Netmask";

include "firewall/generalfunctions.ycp";
include "firewall/helps.ycp";
@@ -48,6 +51,57 @@
*
*/

+ /**
+ * Checks the network entry which can be defined in several formats.
+ *
+ * @example
+ * CheckNetwork ("192.168.0.1") -> true
+ * CheckNetwork ("192.168.0.0/20") -> true
+ * CheckNetwork ("192.168.0.0/255.255.255.0") -> true
+ * CheckNetwork ("0/0") -> true
+ */
+ boolean CheckNetwork (string network) {
+ boolean ret = nil;
+
+ if (network == nil || network == "") {
+ ret = false;
+
+ } else if (network == "0/0") {
+ ret = true;
+
+ // 192.168.0.1, 0.8.55.999
+ } else if (regexpmatch(network, "^[0123456789\.]+$")) {
+ ret = IP::Check4 (network);
+
+ // 192.168.0.0/20, 0.8.55/158
+ } else if (regexpmatch(network, "^[0123456789\.]+/[0123456789]+$")) {
+ string network_ip = regexpsub (network, "^([0123456789\.]+)/[0123456789]+$", "\\1");
+ string network_mask = regexpsub (network, "^[0123456789\.]+/([0123456789]+)$", "\\1");
+
+ ret = (IP::Check4 (network_ip) && Netmask::Check4 (network_mask));
+
+ // 192.168.0.0/255.255.255.0, 0.8.55/10.258.12
+ } else if (regexpmatch(network, "^[0123456789\.]+/[0123456789\.]+$")) {
+ string network_ip = regexpsub (network, "^([0123456789\.]+)/[0123456789\.]+$", "\\1");
+ string network_mask = regexpsub (network, "^[0123456789\.]+/([0123456789\.]+)$", "\\1");
+
+ ret = (IP::Check4 (network_ip) && Netmask::Check4 (network_mask));
+ }
+
+ if (ret != true && ! Mode::testsuite()) {
+ // TRANSLATORS: error message, %1 represents the erroneous network definition
+ Report::Error (sformat (_("Invalid network definition '%1'.
+Network can be defined as an IP or IP with slash and netmask.
+
+For instance: 192.168.0.1
+or 192.168.0.0/20
+or 192.168.0.0/255.255.255.0
+or 0/0"), network));
+ }
+
+ return ret;
+ }
+
// UI Functions

/**
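Review bot: `CheckNetwork()` initialises `ret` to `nil` and has no final `else`, so input that matches none of the three patterns (for example a value containing letters) makes a function declared `boolean` return `nil` rather than `false`. Add a closing `else` that sets `ret = false` so callers always get a definite rejection for a firewall source specification. The doc comment lists only accepted examples; adding rejected ones and a description of the parameter and return value would document the contract. The function also both validates and raises `Report::Error`, guarded only by `Mode::testsuite()`; leaving the popup to the caller would make the check reusable.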
@@ -384,6 +438,15 @@
}
}

+ boolean CheckPortNameDefinition (string port_name) {
+ if (PortAliases::IsAllowedPortName(port_name)) {
+ return true;
+ } else {
+ Report::Error (PortAliases::AllowedPortNameOrNumber());
+ return false;
+ }
+ }
+
/**
* Function checks list of ports if they exist (are known).
*
@@ -826,6 +889,32 @@
return true;
}

+ string UserReadablePortName (string port, string protocol) {
+ if (port == "") return "";
+ if (port == nil) return nil;
+
+ protocol = tolower (protocol);
+ // Do not seek port number for RPC services
+ if (protocol == "rpc" || protocol == "_rpc_") return port;
+
+ // number
+ if (regexpmatch (port, "^[0123456789]+$")) {
+ string port_name = GetPortName (port);
+ // port name must be known and not the same as defined yet
+ if (port_name != nil && port_name != port) {
+ port = sformat("%1 (%2)", port_name, port);
+ }
+ // not a port range
+ } else if (! regexpmatch (port, "^[0123456789]+:[0123456789]+$")) {
+ string port_number = GetPortNumber (port);
+ if (port_number != nil && port_number != port) {
+ port = sformat("%1 (%2)", port, port_number);
+ }
+ }
+
+ return port;
+ }
+
void RedrawRedirectToMasqueradedIPTable() {
list <term> items = [];

@@ -838,11 +927,7 @@

// printing port names rather then port numbers
foreach (string key, [ "req_port", "to_port" ], {
- string port_name = GetPortName(rule[key]:"");
- // port name must be known and not the same as defined yet
- if (port_name!=nil && port_name!=rule[key]:"") {
- rule[key] = sformat("%1 (%2)", port_name, rule[key]:"");
- }
+ rule[key] = UserReadablePortName (rule[key]:"", rule["protocol"]:"");
});

items = add (items,
@@ -859,12 +944,13 @@
row_id = row_id + 1;
});

- UI::ChangeWidget(`id("table_redirect_masq"), `Items, items);
+ UI::ChangeWidget (`id("table_redirect_masq"), `Items, items);
}


void HandlePopupAddRedirectToMasqueradedIPRule () {
UI::OpenDialog(all_popup_definition, AddRedirectToMasqueradedIPRule());
+ UI::SetFocus (`id("add_source_network"));

boolean ret_value = false;

@@ -1056,4 +1142,164 @@
SuSEFirewall::SetEnableService(new_state);
SuSEFirewall::SetStartService(new_state);
}
+
+ string customrules_current_zone = nil;
+
+ void RedrawCustomRules (string current_zone) {
+ if (current_zone == nil || ! contains (SuSEFirewall::GetKnownFirewallZones(), current_zone)) {
+ y2error("Unknown zone '%1'", current_zone);
+ return nil;
+ }
+
+ list <map <string, string> > rules = SuSEFirewallExpertRules::GetListOfAcceptRules (current_zone);
+
+ // some rules are already defined
+ if (size(rules) > 0) {
+ integer counter = -1;
+ list <term> items = maplist (map <string, string> one_rule, rules, {
+ counter = counter + 1;
+ return `item (
+ `id (counter),
+ one_rule["network"]:"",
+ SuSEFirewall::GetProtocolTranslatedName (one_rule["protocol"]:""),
+ UserReadablePortName (one_rule["dport"]:"", one_rule["protocol"]:""),
+ UserReadablePortName (one_rule["sport"]:"", "")
+ );
+ });
+
+ items = sort (term aa, term bb, items, ``(aa[1]:"" < bb[1]:""));
+
+ UI::ChangeWidget (`id ("custom_rules_table"), `Items, items);
+ UI::ChangeWidget (`id ("remove_custom_rule"), `Enabled, true);
+
+ // no rules defined
+ } else {
+ UI::ChangeWidget (`id ("custom_rules_table"), `Items, []);
+ UI::ChangeWidget (`id ("remove_custom_rule"), `Enabled, false);
+ }
+ }
+
+ void InitCustomRules (string key) {
+ SetFirewallIcon();
+
+ // set the default once, EXT is the first one
+ if (customrules_current_zone == nil) {
+ foreach (string one_zone, (list <string>) union (SuSEFirewall::GetKnownFirewallZones(), ["EXT"]), {
+ // at least one interface in the zone
+ if (size (SuSEFirewall::GetInterfacesInZoneSupportingAnyFeature(one_zone)) > 0)
+ customrules_current_zone = one_zone;
+ });
+ // nothing found, set the default manually
+ if (customrules_current_zone == nil)
+ customrules_current_zone = "EXT";
+ }
+
+ UI::ChangeWidget (`id ("custom_rules_firewall_zone"), `Value, customrules_current_zone);
+
+ RedrawCustomRules (customrules_current_zone);
+ }
+
+ void DeleteSelectedCustomRule (string selected_zone, integer current_item) {
+ if (SuSEFirewallExpertRules::DeleteRuleID (selected_zone, current_item)) {
+ RedrawCustomRules (selected_zone);
+ UI::ChangeWidget (`id("custom_rules_table"), `SelectedItem, 0);
+ }
+ }
+
+ boolean CheckPortNameOrNumber (string port) {
+ // port number
+ if (regexpmatch(port, "^[0123456789]+$")) {
+ return CheckPortNumberDefinition (tointeger (port), port);
+ // not a port range
+ } else if (! regexpmatch(port, "^[0123456789]+:[0123456789]+$")) {
+ return CheckPortNameDefinition (port);
+ }
+ }
+
+ boolean HandlePopupAddCustomRule (string selected_zone) {
+ UI::OpenDialog (all_popup_definition,
+ `HBox (
+ `MinWidth (
+ 30,
+ `RichText (HelpForDialog ("custom-rules-popup"))
+ ),
+ AddCustomFirewallRule()
+ )
+ );
+ UI::SetFocus (`id("add_source_network"));
+
+ boolean ret_value = false;
+
+ while (true) {
+ any ret = UI::UserInput();
+
+ if (ret == "cancel") {
+ break;
+ } else if (ret == "ok") {
+ if (!CheckExistency("add_source_network")) continue;
+ if (!CheckExistency("add_protocol")) continue;
+
+ string add_source_network = (string) UI::QueryWidget(`id("add_source_network"), `Value);
+ string add_protocol = (string) UI::QueryWidget(`id("add_protocol"), `Value);
+ string add_destination_port = (string) UI::QueryWidget(`id("add_destination_port"), `Value);
+ string add_source_port = (string) UI::QueryWidget(`id("add_source_port"), `Value);
+
+ // network is mandatory
+ if (add_source_network == "" || ! CheckNetwork (add_source_network)) {
+ UI::SetFocus (`id ("add_source_network"));
+ continue;
+ }
+ // destination port is optional
+ if (add_destination_port != "" && ! CheckPortNameOrNumber (add_destination_port)) {
+ UI::SetFocus (`id ("add_destination_port"));
+ continue;
+ }
+ // source port is optional
+ if (add_source_port != "" && ! CheckPortNameOrNumber (add_source_port)) {
+ UI::SetFocus (`id ("add_source_port"));
+ continue;
+ }
+
+ SuSEFirewallExpertRules::AddNewAcceptRule (
+ selected_zone,
+ $[
+ "network" : add_source_network,
+ "protocol" : add_protocol,
+ "dport" : add_destination_port,
+ "sport" : add_source_port
+ ]
+ );
+
+ ret_value = true;
+ break;
+ }
+ }
+
+ UI::CloseDialog();
+
+ return ret_value;
+ }
+
+ symbol HandleCustomRules (string key, map event) {
+ any ret = event["ID"]:nil;
+
+ string selected_zone = (string) UI::QueryWidget (`id ("custom_rules_firewall_zone"), `Value);
+
+ if (ret == "custom_rules_firewall_zone") {
+ customrules_current_zone = selected_zone;
+ RedrawCustomRules (selected_zone);
+ } else if (ret == "add_custom_rule") {
+ if (HandlePopupAddCustomRule (selected_zone)) {
+ RedrawCustomRules (selected_zone);
+ }
+ } else if (ret == "remove_custom_rule") {
+ integer current_item = (integer) UI::QueryWidget(`id("custom_rules_table"), `CurrentItem);
+
+ if (current_item != nil && Confirm::DeleteSelected()) {
+ DeleteSelectedCustomRule (selected_zone, current_item);
+ }
+ }
+
+ return nil;
+ }
}
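Review bot: `CheckPortNameOrNumber()` has no `return` for the port-range case: when the value matches `^[0123456789]+:[0123456789]+$` neither branch runs and the `boolean` function falls off the end. The help text advertises ranges such as `100:110`, yet nothing in this hunk checks the two bounds, and the callers in `HandlePopupAddCustomRule()` negate whatever the function yields in that case before the value goes to `SuSEFirewallExpertRules::AddNewAcceptRule()`. Validate both ends of the range and return an explicit value on every path. Two smaller points in the same hunk: `RedrawCustomRules()` is declared `void` but does `return nil;`, and in `InitCustomRules()` the comment says EXT is the first one while the `foreach` has no `break`, so the last zone with an interface is the one that ends up selected.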
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/testsuite/tests/Functions.out new/yast2-firewall-2.15.3/testsuite/tests/Functions.out
--- old/yast2-firewall-2.15.1/testsuite/tests/Functions.out 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-firewall-2.15.3/testsuite/tests/Functions.out 2007-02-27 14:56:44.000000000 +0100
@@ -0,0 +1,21 @@
+Read .target.tmpdir nil
+Log Failed to set temporary directory: nil
+Dir .product.features.section: []
+Dump
+Dump == Checking Functions ==
+Return true
+Return true
+Return true
+Return true
+Return true
+Return true
+Return true
+Return true
+Return true
+Return true
+Return false
+Return false
+Return false
+Return false
+Return false
+Dump
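Review bot: The reference output opens with `Read .target.tmpdir nil` and `Log Failed to set temporary directory: nil`, which records an error log as expected behaviour. It is worth checking why that read yields `nil` even though the test's READ map defines `tmpdir` as `/tmp`, so the reference file does not enshrine a setup failure. The fifteen `Return` lines are also unlabelled; a `DUMP` of the input before each group would make a mismatch easier to locate.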
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/testsuite/tests/Functions.ycp new/yast2-firewall-2.15.3/testsuite/tests/Functions.ycp
--- old/yast2-firewall-2.15.1/testsuite/tests/Functions.ycp 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-firewall-2.15.3/testsuite/tests/Functions.ycp 2007-02-27 12:44:49.000000000 +0100
@@ -0,0 +1,39 @@
+{
+ include "testsuite.ycp";
+
+ include "firewall/subdialogs.ycp";
+ include "firewall/uifunctions.ycp";
+
+ map READ = $[
+ "target" : $[
+ "tmpdir" : "/tmp",
+ ],
+ ];
+ map WRITE = $[];
+ map EXECUTE = $[];
+
+ TESTSUITE_INIT([READ, WRITE, EXECUTE], nil);
+
+ DUMP ("");
+
+ DUMP ("== Checking Functions ==");
+
+ TEST (``(CheckNetwork("192.168.0.1")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.255")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.1/20")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.255/32")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.1/255.240.0.0")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.255/255.255.255.255")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.1/0")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("172.55.0.0/1")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("0/0")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("255.255.255.255/255.255.255.255")), [READ, WRITE, EXECUTE], nil);
+
+ TEST (``(CheckNetwork("172.55.0.0/33")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("256.168.0.255")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("172.55.0.0/125.85.5.5")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.255/5.5.5")), [READ, WRITE, EXECUTE], nil);
+ TEST (``(CheckNetwork("192.168.0.255/255.255.0.255")), [READ, WRITE, EXECUTE], nil);
+
+ DUMP ("");
+}
\ No newline at end of file
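Review bot: The new testsuite exercises `CheckNetwork()` only with strings made of digits, dots and a slash; there is no case for the empty string or for input containing other characters, such as a hostname, which is where the function's result is least obvious. Add those cases, and cover the port checks introduced in the same release (`CheckPortNameOrNumber`, including a range like `100:110`). The file also lacks a trailing newline, as the `\ No newline at end of file` marker shows.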
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-firewall-2.15.1/VERSION new/yast2-firewall-2.15.3/VERSION
--- old/yast2-firewall-2.15.1/VERSION 2007-02-22 17:36:31.000000000 +0100
+++ new/yast2-firewall-2.15.3/VERSION 2007-02-28 15:33:15.000000000 +0100
@@ -1 +1 @@
-2.15.1
+2.15.3
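Review bot: `VERSION` goes to 2.15.3 here and in the spec file, but the `configure.in` and generated `configure` hunks of this same tarball diff only move `AC_INIT` and `VERSION="..."` from 2.15.0 to 2.15.1. The shipped autoconf files are stale relative to the release; regenerate them from the current VERSION file before rolling the tarball so that the version reported by `configure` matches the package version.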


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
