Get the last of the firewall page up and running.

Now there are simple options for opening ports and or services.
project-trident · Mar 29, 2020 · f7ec009 · f7ec009
1 parent 7e415a5
commit f7ec009
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 14 deletions.
diff --git a/src-qt5/networkmgr/mainUI.cpp b/src-qt5/networkmgr/mainUI.cpp
@@ -6,6 +6,7 @@
 #include <QMessageBox>
 #include <QInputDialog>
 #include <QFileDialog>
+#include <QMenu>
 
 // === PUBLIC ===
 mainUI::mainUI() : QMainWindow(), ui(new Ui::mainUI()){
@@ -29,6 +30,11 @@ mainUI::mainUI() : QMainWindow(), ui(new Ui::mainUI()){
   connect(ui->combo_conn_devices, SIGNAL(currentIndexChanged(int)), this, SLOT(updateConnectionInfo()) );
   connect(ui->tool_conn_status_refresh, SIGNAL(clicked()), this, SLOT(updateConnectionInfo()) );
 
+  //Setup the menu of shortcuts for firewall rules
+  ui->tool_fw_shortcuts->setMenu(new QMenu(ui->tool_fw_shortcuts));
+  ui->tool_fw_shortcuts->menu()->addAction(tr("Open Port"), this, SLOT(open_fw_port()) );
+  ui->tool_fw_shortcuts->menu()->addAction(tr("Open Port for Service"), this, SLOT(open_fw_service()) );
+
   //Ensure all the page actions are full-width
   this->show();
   QApplication::processEvents();
@@ -619,7 +625,7 @@ void mainUI::refresh_current_firewall(){
   ui->label_fw_status->setText( ui->label_fw_status->whatsThis().arg(running ? tr("Active") : tr("Disabled")) );
   // Now update the profile files and custom rules
   QJsonObject current = NETWORK->current_firewall_files();
-  qDebug() << "Current state:" << current;
+  //qDebug() << "Current state:" << current;
   QString cprofile = current.value("running_profile").toString();
   ui->combo_fw_profile->setWhatsThis(cprofile); //tag the current profile in the backend
   QStringList profiles = current.value("profiles").toObject().keys();
@@ -635,12 +641,15 @@ void mainUI::refresh_current_firewall(){
     ui->combo_fw_profile->setCurrentIndex(ui->combo_fw_profile->count()-1);
   }
   QString crule = ui->combo_fw_rules->currentText();
-  QStringList rules = current.value("rules").toObject().keys();
+  QStringList rules = current.value("custom").toObject().keys();
   ui->combo_fw_rules->clear();
   for(int i=0; i<rules.length(); i++){
-    ui->combo_fw_rules->addItem(rules[i], current.value("rules").toObject().value(rules[i]).toString());
+    //qDebug() << "New Rule:" << rules[i] << current.value("custom").toObject().value(rules[i]);
+    ui->combo_fw_rules->addItem(rules[i], current.value("custom").toObject().value(rules[i]).toString());
     if(crule == rules[i]){ ui->combo_fw_rules->setCurrentIndex(ui->combo_fw_rules->count()-1); }
   }
+  on_combo_fw_profile_currentIndexChanged(0);
+  on_combo_fw_rules_currentIndexChanged(0);
 }
 
 void mainUI::on_tool_fw_start_clicked(){
@@ -676,14 +685,29 @@ void mainUI::on_combo_fw_profile_currentIndexChanged(int){
 
 void mainUI::on_combo_fw_rules_currentIndexChanged(int){
   QString path = ui->combo_fw_rules->currentData().toString();
-  ui->text_fw_rule->setText( Networking::readFile(path).join("\n") );
+  bool ok = !path.isEmpty();
+  ui->tool_fw_applyrule->setEnabled(ok);
+  ui->tool_fw_rmrule->setEnabled(ok);
+  ui->tool_fw_shortcuts->setEnabled(ok);
+  if(ok){
+    ui->text_fw_rule->setText( Networking::readFile(path).join("\n") );
+  }else{
+    ui->text_fw_rule->setText("");
+  }
 }
 
 void mainUI::on_tool_fw_addrule_clicked(){
   //Prompt for the new rule name
-
+  QString profile = QInputDialog::getText(this, tr("New Firewall Rules"), tr("Profile Name:") );
+  QString path = "/etc/firewall-conf/custom-"+profile+".conf";
+  //Make sure this profile does not already exist
+  if(QFile::exists(path)){
+    QMessageBox::warning(this, tr("Error"), tr("Profile already exists"));
+    return;
+  }
   //Add the rule into the list and pre-select it
-
+  ui->combo_fw_rules->addItem(profile, path);
+  ui->combo_fw_rules->setCurrentIndex(ui->combo_fw_rules->count()-1);
 }
 
 void mainUI::on_tool_fw_applyrule_clicked(){
@@ -699,12 +723,45 @@ void mainUI::on_tool_fw_applyrule_clicked(){
 void mainUI::on_tool_fw_rmrule_clicked(){
   QString path = ui->combo_fw_rules->currentData().toString();
   if(path.isEmpty()){ return; }
+  //qDebug() << "Remove Firewall Rules:" << path;
   if( !NETWORK->remove_firewall_rules(path) ){
    QMessageBox::warning(this, tr("Error"), tr("Could not remove firewall rules:")+"\n\n"+ui->combo_fw_rules->currentText());
   }
   QTimer::singleShot(50, this, SLOT(refresh_current_firewall()));
 }
 
-void mainUI::on_tool_fw_shortcuts_clicked(){
-
+void mainUI::open_fw_port(){
+  int port = QInputDialog::getInt(this, tr("Open Firewall Port"), tr("Port Number:"));
+  if(port<0){ return; } //cancelled
+  QString line = "add rule inet filter %1 %2 dport %3 accept";
+  QStringList newLines;
+    newLines << line.arg("input", "tcp", QString::number(port));
+    newLines << line.arg("output", "tcp", QString::number(port));
+    newLines << line.arg("input", "udp", QString::number(port));
+    newLines << line.arg("output", "udp", QString::number(port));
+  ui->text_fw_rule->append("\n"+newLines.join("\n"));
+}
+
+void mainUI::open_fw_service(){
+  QJsonObject svcs = NETWORK->known_services();
+  QString service = QInputDialog::getItem(this, tr("Open Firewall for Service"), tr("Select a service:"), svcs.keys(), 0, false);
+  if(service.isEmpty()){ return; } //cancelled
+  QJsonArray info = svcs.value(service).toArray();
+  //qDebug() << "Service Info:" << service << info;
+  bool tcp, udp;
+  for(int i=0; i<info.count(); i++){
+    if(info[i].toString().endsWith("/tcp")){ tcp = true; }
+    else if(info[i].toString().endsWith("/udp")){ udp = true; }
+  }
+  QString line = "add rule inet filter %1 %2 dport %3 accept";
+  QStringList newLines;
+  if(tcp){
+    newLines << line.arg("input", "tcp", service);
+    newLines << line.arg("output", "tcp", service);
+  }
+  if(udp){
+    newLines << line.arg("input", "udp", service);
+    newLines << line.arg("output", "udp", service);
+  }
+  ui->text_fw_rule->append("\n"+newLines.join("\n"));
 }
diff --git a/src-qt5/networkmgr/mainUI.h b/src-qt5/networkmgr/mainUI.h
@@ -92,7 +92,8 @@ private slots:
 	void on_tool_fw_addrule_clicked();
 	void on_tool_fw_applyrule_clicked();
 	void on_tool_fw_rmrule_clicked();
-	void on_tool_fw_shortcuts_clicked();
+	void open_fw_port();
+	void open_fw_service();
 };
 
 #endif
diff --git a/src-qt5/networkmgr/network.cpp b/src-qt5/networkmgr/network.cpp
@@ -430,8 +430,9 @@ QJsonObject Networking::current_firewall_files(){
   QJsonObject profiles, custom;
   for(int i=0; i<files.length(); i++){
     QString abspath = dir.absoluteFilePath(files[i]);
+    //qDebug() << "File:" << files[i] << abspath;
     if(files[i].startsWith("custom-")){
-      profiles.insert(files[i].section("-",1,-1).section(".",0,-2), abspath);
+      custom.insert(files[i].section("-",1,-1).section(".",0,-2), abspath);
     }else{
       profiles.insert(files[i].section(".",0,-2), abspath);
     }
@@ -450,19 +451,31 @@ bool Networking::change_firewall_profile(QString path){
 }
 
 bool Networking::save_firewall_rules(QString path, QStringList contents){
-  return writeFileAsRoot(path, contents, QStringList() << "sv" << "restart" << "nftables", "744");
+  return writeFileAsRoot(path, contents, QStringList() << "sv" << "restart" << "nftables", "644");
 }
 
 bool Networking::remove_firewall_rules(QString path){
   if(!QFile::exists(path)){ return true; } //does not exist in the first place
-  if(!QFileInfo(path).canonicalPath().startsWith("/etc/firewall-conf/")){ return false; }
+  if(!QFileInfo(path).canonicalFilePath().startsWith("/etc/firewall-conf/")){ qDebug() << "Canonical Path:" << QFileInfo(path).canonicalPath(); return false; }
   bool ok = CmdReturn("qsudo", QStringList() << "rm" << "-f" << path);
   if(ok){
     CmdReturn("qsudo", QStringList() << "sv" << "restart" << "nftables");
   }
   return ok;
 }
 
+QJsonObject Networking::known_services(){
+  static QJsonObject known;
+  if(known.isEmpty()){
+    QStringList contents = readFile("/etc/services");
+    for(int i=0; i<contents.length(); i++){
+      QStringList info = contents[i].split(" ",QString::SkipEmptyParts);
+      if(info.length() != 2){ continue; }
+      known.insert(info[0], known.value(info[0]).toArray() << info[1]);
+    }
+  }
+  return known;
+}
 
 //General Purpose functions
 QStringList Networking::readFile(QString path){
@@ -510,14 +523,14 @@ bool Networking::writeFileAsRoot(QString path, QStringList contents, QStringList
   QString tmppath = "/tmp/."+path.section("/",-1);
   bool ok = writeFile(tmppath, contents);
   if(!ok){ return false; } //could not write the temp file
-  ok = CmdReturn("qsudo", QStringList() << "mv" << "-f" << path << path+".old");
+  if(QFile::exists(path)){ ok = CmdReturn("qsudo", QStringList() << "mv" << "-f" << path << path+".old"); }
   if(ok){
     if(ok){ ok = CmdReturn("qsudo", QStringList() << "mv" << tmppath << path); }
     if(ok){
       CmdReturn("qsudo", QStringList() << "chown" << "root:root" << path);
       if(!perms.isEmpty()){ CmdReturn("qsudo", QStringList() << "chmod" << perms << path); }
       if(!loadCmd.isEmpty()){ ok = CmdReturn("qsudo", loadCmd); }
-      if(!ok){
+      if(!ok && QFile::exists(path+".old") ){
         //Restore the previous config file and restart again
         CmdReturn("qsudo", QStringList() << "mv" << "-f" << path+".old" << path);
         if(!loadCmd.isEmpty()){ ok = CmdReturn("qsudo", loadCmd); }

diff --git a/src-qt5/networkmgr/network.h b/src-qt5/networkmgr/network.h
@@ -62,6 +62,7 @@ class Networking : public QObject {
 	bool change_firewall_profile(QString path);
 	bool save_firewall_rules(QString path, QStringList contents);
 	bool remove_firewall_rules(QString path);
+	QJsonObject known_services();
 
 	//General Purpose functions
 	static QStringList readFile(QString path);