# # Copyright (C) 2007, 2009 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys, types, os.path # import s-c-nw device list #sys.path.append("/usr/share/system-config-network") #from netconfpkg import NCDeviceList from fw_config import * import fw_services import fw_icmp from fw_functions import getPortID, getServiceName, getPortRange, checkIP, \ checkInterface from fw_parser import * from fw_sysconfig import * import fw_iptables import fw_nm from snack import * class ui: def init(self): # snack self.screen = SnackScreen() self.screen.drawRootText(0, 0, APP_NAME) #self.screen.popHelpLine() self.config = None self.toplevel = GridForm(self.screen, _("Firewall Configuration"), 1, 6) tr = TextboxReflowed( 50, _("A firewall protects against unauthorized network intrusions. Enabling a firewall blocks all incoming connections. Disabling a firewall allows all connections and is not recommended. ")) self.toplevel.add(tr, 0, 0, padding=(0,0,0,1), growx=1) grid = Grid(2, 1) grid.setField(Label(_("Firewall:")), 0, 0, padding=(0,0,1,0)) self.enabled = Checkbox(_("Enabled")) grid.setField(self.enabled, 1, 0, padding=(0,0,0,0)) self.toplevel.add(grid, 0, 1, padding=(0,0,0,1)) self.toplevel.bb = ButtonBar(self.screen, ((_("OK"), "ok"), (_("Customize"), "customize"), (_("Cancel"), "cancel"))) self.toplevel.add(self.toplevel.bb, 0, 3, growx=1) self.tabs = [ ] # trusted services tab = GridForm(self.screen, _("Trusted Services"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Here you can define which services are trusted. Trusted services are accessible from all hosts and networks.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=1) self.services = CheckboxTree(6, scroll=1) keys = [ svc.name for svc in fw_services.service_list ] keys.sort() for key in keys: svc = fw_services.getByName(key) self.services.append(svc.name, svc, selected=False) tab.add(self.services, 0, 3, padding=(0,0,1,1), anchorTop=1, growx=1) self.tabs.append(tab) # other ports tab = GridForm(self.screen, _("Other Ports"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Add additional ports or port ranges, which need to be accessible for all hosts or networks.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=1) self.other_ports_box = Listbox(4, scroll=1) self.other_ports = [ ] tab.bb_work = ButtonBar(self.screen, ((_("Add"), "ports_add"), (_("Edit"), "ports_edit"), (_("Remove"), "ports_remove")), compact=1) grid = Grid(1, 2) grid.setField(self.other_ports_box, 0, 0, padding=(0,0,0,0), anchorTop=1) grid.setField(tab.bb_work, 0, 1, padding=(0,0,0,0), anchorTop=1) tab.add(grid, 0, 3, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) # trusted interfaces tab = GridForm(self.screen, _("Trusted Interfaces"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Mark all interfaces as trusted which should have full access to the system.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=1) self.trust = CheckboxTree(4, scroll=1) tab.add(self.trust, 0, 3, padding=(0,0,1,1), anchorTop=1) tab.bb_work = ButtonBar(self.screen, ((_("Add"), "trust_interface_add"),), compact=1) grid = Grid(1, 2) grid.setField(self.trust, 0, 0, padding=(0,0,0,0), anchorTop=1) grid.setField(tab.bb_work, 0, 1, padding=(0,0,0,0), anchorTop=1) tab.add(grid, 0, 3, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) # masquerading tab = GridForm(self.screen, _("Masquerading"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Mark the interfaces to be masqueraded.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=0, anchorLeft=1, anchorTop=1) self.masq = CheckboxTree(4, scroll=1) tab.add(self.masq, 0, 4, padding=(0,0,1,1), anchorTop=1) tab.bb_work = ButtonBar(self.screen, ((_("Add"), "masq_interface_add"),), compact=1) grid = Grid(1, 2) grid.setField(self.masq, 0, 0, padding=(0,0,0,0), anchorTop=1) grid.setField(tab.bb_work, 0, 1, padding=(0,0,0,0), anchorTop=1) tab.add(grid, 0, 4, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) # port forwarding tab = GridForm(self.screen, _("Port Forwarding"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Add entries to forward ports either from one port to another on the local system or from the local system to another system. Forwarding to another system is only useful if the interface is masqueraded. Port forwarding is IPv4 only.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=1, anchorLeft=1, anchorTop=1) self.forward_port_box = Listbox(4, scroll=1) self.forward_port = [ ] tab.bb_work = ButtonBar(self.screen, ((_("Add"), "forward_port_add"), (_("Edit"), "forward_port_edit"), (_("Remove"), "forward_port_remove")), compact=1) grid = Grid(1, 2) grid.setField(self.forward_port_box, 0, 0, padding=(0,0,0,0), anchorTop=1) grid.setField(tab.bb_work, 0, 1, padding=(0,0,0,0), anchorTop=1) tab.add(grid, 0, 3, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) # icmp filter tab = GridForm(self.screen, _("ICMP Filter"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Mark the ICMP types in the list, which should be rejected. All other ICMP types are allowed to pass the firewall. The default is no limitation.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=0, anchorLeft=1, anchorTop=1) self.block_icmp = CheckboxTree(4, scroll=1) for icmp in fw_icmp.icmp_list: self.block_icmp.append(icmp.name, selected=False) tab.add(self.block_icmp, 0, 4, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) tab = GridForm(self.screen, _("Custom Rules"), 1, 6) tab.bb = None tab.bb_work = None tr = TextboxReflowed( 60, _("Use custom rules files to add additional rules to the firewall. The custom rules are added after the default rules. The files must have the iptables-save format.")) tab.add(tr, 0, 2, padding=(0,0,0,1), growx=1, anchorLeft=1, anchorTop=1) self.custom_rules_box = Listbox(4, scroll=1) self.custom_rules = [ ] tab.bb_work = ButtonBar(self.screen, ((_("Add"), "custom_rules_add"), (_("Edit"), "custom_rules_edit"), (_("Remove"), "custom_rules_remove")), compact=1) grid = Grid(1, 2) grid.setField(self.custom_rules_box, 0, 0, padding=(0,0,0,0), anchorTop=1) grid.setField(tab.bb_work, 0, 1, padding=(0,0,0,0), anchorTop=1) tab.add(grid, 0, 3, padding=(0,0,1,1), anchorTop=1) self.tabs.append(tab) # add buttons to all tabs for i in xrange(len(self.tabs)): tab = self.tabs[i] buttons = [ ] if i < len(self.tabs) - 1: buttons.append((_("Forward"), "forward")) if i > 0: buttons.append((_("Back"), "back")) buttons.append((_("Close"), "close")) tab.bb = ButtonBar(self.screen, buttons) tab.add(tab.bb, 0, 5, anchorRight=1) def loadConfig(self, config): self.config = config if self.config.enabled: self.enabled.setValue("*") else: self.enabled.setValue(" ") # get network devices devices = [ ] for dev in STD_DEVICES: devices.append(dev+"+") # try: # list = NCDeviceList.getDeviceList() # except: # pass # else: # for dev in list: # if dev.Alias and dev.Alias != "": # # ignore device aliases: not usable for iptables # continue # if not dev.Device in devices: # devices.append(dev.Device) try: devs = fw_nm.device_list() except: pass else: devices.extend(devs.keys()) if config.trust: for dev in config.trust: if dev not in devices: devices.append(dev) if config.masq: for dev in config.masq: if dev not in devices: devices.append(dev) devices.sort() self.trust_list = [ ] self.masq_list = [ ] for dev in devices: self.trust.append(dev, selected=False) self.trust_list.append(dev) self.masq.append(dev, selected=False) self.masq_list.append(dev) # trusted services for svc in fw_services.service_list: enabled = False if svc.key in config.services: enabled = True self.services.setEntryValue(svc, selected=enabled) # other ports self.other_ports_box.clear() self.other_ports = [ ] if config.ports: for entry in config.ports: str = self._portStr(entry[0], entry[1]) if str not in self.other_ports: self.other_ports.append(entry) self.other_ports_box.append(str, entry) # trusted interfaces for dev in devices: enabled = False if config.trust and dev in config.trust: enabled = True self.trust.setEntryValue(dev, selected=enabled) # masquerading for dev in devices: enabled = False if config.masq and dev in config.masq: enabled = True self.masq.setEntryValue(dev, selected=enabled) # port forwarding self.forward_port_box.clear() self.forward_port = [ ] if config.forward_port: for fwd in config.forward_port: array = ( fwd["if"], fwd["proto"], fwd["port"], (fwd["toaddr"] if fwd.has_key("toaddr") else ""), (fwd["toport"] if fwd.has_key("toport") else "") ) if array not in self.forward_port: line = "%s %s ->" % (fwd["if"], self._portStr(fwd["port"], fwd["proto"])) if fwd.has_key("toaddr"): line += " %s" % fwd["toaddr"] if fwd.has_key("toport"): line += " %s" % self._portStr(fwd["toport"], fwd["proto"]) self.forward_port.append(array) self.forward_port_box.append(line, array) # icmp filer for icmp in fw_icmp.icmp_list: enabled = False if icmp.key in self.config.block_icmp: enabled = True self.block_icmp.setEntryValue(icmp.name, selected=enabled) # custom rules self.custom_rules_box.clear() self.custom_rules = [ ] if config.custom_rules: for entry in config.custom_rules: if entry not in self.custom_rules: line = ':'.join(entry) self.custom_rules.append(entry) self.custom_rules_box.append(line, entry) def _portStr(self, port, proto): if len(port) == 1: return "%s:%s" % (port[0], proto) else: return "%s-%s:%s" % (port[0], port[1], proto) def __simplePortStr(self, port): if len(port) == 1: return "%s" % port[0] else: return "%s-%s" % (port[0], port[1]) def _forwardStr(self, interface, protocol, port, to_address, to_port): line = "%s %s ->" % (interface, self._portStr(port, protocol)) if to_address: line += " %s" % to_address if to_port: line += " %s" % self._portStr(to_port, protocol) return line def dialog(self, type, text, text2=None, buttons=((_("OK"), "ok"),)): dialog = GridForm(self.screen, type, 1, 3) dialog.add(TextboxReflowed(40, text), 0, 0, padding=(0,0,0,1), anchorLeft=1, growx=1) if text2: dialog.add(TextboxReflowed(40, text2), 0, 1, padding=(0,0,0,1), anchorLeft=1, growx=1) bb = ButtonBar(self.screen, buttons) dialog.add(bb, 0, 2, growx=1) ret = bb.buttonPressed(dialog.runPopup()) self.screen.popWindow() return ret def error(self, text, text2=None, buttons=((_("OK"), "ok"),)): return self.dialog(_("Error"), text, text2, buttons) def warning(self, text, text2=None, buttons=((_("OK"), "ok"),)): return self.dialog(_("Warning"), text, text2, buttons) def port_error(self, port): self.error(_("Port or port range '%s' is not valid.") % port, _("Valid values: [-], where " "port is either a number [0..65535] " "or a service name.")) def protocol_error(self, protocol): self.error(_("Protocol '%s' is not valid.") % protocol, _("Valid values: tcp, udp")) def port_selection(self, port=None, protocol=None): _port = ( self.__simplePortStr(port) if port else "" ) _protocol = ( protocol if protocol else "" ) while 1: (res, values) = EntryWindow(\ self.screen, ("Port and Protocol"), _("Please enter a port or port range and protocol."), ((_("Port / Port Range:"), _port), (_("Protocol:"), _protocol)), buttons=((_("OK"), "ok"), (_("Cancel"), "cancel"))) self.screen.popWindow() if res == 'ok': error = False # port _port = values[0].strip() port = getPortRange(_port) if not (isinstance(port, types.ListType) or \ isinstance(port, types.TupleType)): self.port_error(_port) error = True port = None # protocol _protocol = values[1].strip() if not _protocol in [ "tcp", "udp" ]: self.protocol_error(_protocol) error = True else: protocol = _protocol if error: continue return (port, protocol) elif res == 'cancel': return None def interface_selection(self, interface=None): _interface = ( interface if interface else "" ) while 1: (res, values) = EntryWindow(\ self.screen, _("Add Interface"), "", ((_("Interface:"), _interface),), buttons=((_("OK"), "ok"), (_("Cancel"), "cancel"))) self.screen.popWindow() if res == 'ok': error = False # interface __interface = values[0].strip() if not len(__interface) > 0 or not checkInterface(__interface): self.error(_("Interface '%s' is not valid.") % __interface) error = True else: _interface = __interface if error: continue return _interface elif res == 'cancel': return None def forward_port_selection(self, interface=None, protocol=None, port=None, to_address=None, to_port=None): _interface = ( interface if interface else "" ) _protocol = ( protocol if protocol else "" ) _port = ( self.__simplePortStr(port) if port else "" ) _to_address = ( to_address if to_address else "" ) _to_port = ( self.__simplePortStr(to_port) if to_port else "" ) while 1: dialog = GridForm(self.screen, _("Port Forwarding"), 1, 6) tr = TextboxReflowed(40, _("Please select the source and " "destination options according " "to your needs.")) dialog.add(tr, 0, 0, padding=(0,0,0,1), growx=1) dialog.add(TextboxReflowed(40, _("Source (all needed)")), 0, 1, padding=(0,0,0,0), growx=1, anchorLeft=1) grid = Grid(2, 3) grid.setField(Label(_("Interface:")), 0, 0, padding=(0,0,1,0), anchorLeft=1) dialog.interface = Entry(20, text=_interface) grid.setField(dialog.interface, 1, 0, padding=(0,0,1,0), anchorLeft=1) grid.setField(Label(_("Protocol:")), 0, 1, padding=(0,0,1,0), anchorLeft=1) dialog.protocol = Entry(20, text=_protocol) grid.setField(dialog.protocol, 1, 1, padding=(0,0,1,0), anchorLeft=1) grid.setField(Label(_("Port / Port Range:")), 0, 2, padding=(0,0,1,0), anchorLeft=1) dialog.port = Entry(20, text=_port) grid.setField(dialog.port, 1, 2, padding=(0,0,1,0), anchorLeft=1) dialog.add(grid, 0, 2, padding=(0,0,0,1)) dialog.add(TextboxReflowed(40, _("Destination (at least one " "needed)")), 0, 3, padding=(0,0,0,0), growx=1, anchorLeft=1) grid = None grid = Grid(2, 2) grid.setField(Label(_("IP address:")), 0, 0, padding=(0,0,1,0), anchorLeft=1) dialog.to_address = Entry(20, text=_to_address) grid.setField(dialog.to_address, 1, 0, padding=(0,0,1,0), anchorLeft=1) grid.setField(Label(_("Port / Port Range:")), 0, 1, padding=(0,0,1,0), anchorLeft=1) dialog.to_port = Entry(20, text=_to_port) grid.setField(dialog.to_port, 1, 1, padding=(0,0,1,0), anchorLeft=1) dialog.add(grid, 0, 4, padding=(0,0,0,1)) dialog.bb = ButtonBar(self.screen, ((_("OK"), "ok"), (_("Cancel"), "cancel"))) dialog.add(dialog.bb, 0, 5, growx=1) res = dialog.bb.buttonPressed(dialog.runPopup()) self.screen.popWindow() values = (dialog.interface.value(), dialog.protocol.value(), dialog.port.value(), dialog.to_address.value(), dialog.to_port.value()) if res == 'ok': error = False # interface _interface = values[0].strip() if not len(_interface) > 0 or not checkInterface(_interface): self.error(_("Interface '%s' is not valid.") % _interface) error = True else: interface = _interface # protocol _protocol = values[1].strip() if not _protocol in [ "tcp", "udp" ]: self.protocol_error(_protocol) error = True else: protocol = _protocol # port _port = values[2].strip() port = getPortRange(_port) if not (isinstance(port, types.ListType) or \ isinstance(port, types.TupleType)): self.port_error(_port) error = True port = None # to_address _to_address = values[3].strip() if len(_to_address) > 0 and not checkIP(_to_address): self.error(_("Address '%s' is not valid.") % _to_address) error = True to_address = None else: to_address = _to_address # to_port _to_port = values[4].strip() if len(_to_port) > 0: to_port = getPortRange(_to_port) if not (isinstance(to_port, types.ListType) or \ isinstance(to_port, types.TupleType)): self.port_error(_to_port) error = True to_port = None if error: continue if not interface or not protocol or not port: continue if not to_address and not to_port: continue return (interface, protocol, port, to_address, to_port) elif res == 'cancel': return None def custom_rules_selection(self, type=None, table=None, filename=None): _type = ( type if type else "" ) _table = ( table if table else "" ) _filename = ( filename if filename else "" ) while 1: (res, values) = EntryWindow(\ self.screen, ("Custom Rules File"), _("Please select the protocol type, the firewall table and " "the file containing the rules."), ((_("Protocol Type"), _type), (_("Firewall Table"), _table), (_("File"), _filename )), buttons=((_("OK"), "ok"), (_("Cancel"), "cancel"))) self.screen.popWindow() if res == 'ok': error = False # type _type = values[0].strip() if not _type in FIREWALL_TYPES: self.error(_("The protocol type '%s' is not " "valid.") % _type, _("Valid values: %s") % ",".join(FIREWALL_TYPES)) error = True type = None else: type = _type # table _table = values[1].strip() if not _table in FIREWALL_TABLES: self.error(_("The firewall table '%s' is not " "valid.") % _table, _("Valid values: %s") % \ ",".join(FIREWALL_TABLES)) error = True table = None else: table = _table # filename _filename = values[2].strip() if not _filename or not os.path.exists(_filename) or \ not os.path.isfile(_filename): self.error(_("The file '%s' does not exist.") % _filename) error = True filename = None else: filename = _filename # ipv6 has no nat support if type == "ipv6" and table == "nat": self.error(_("IPv6 has no nat support.")) error = True if error: continue return (type, table, filename) elif res == 'cancel': return None def finish(self): self.screen.finish() def genArgs(self): # With the new enabled/disabled behavior, we have to ignore the config # file or else you can only ever turn on services. args = [ "/usr/sbin/lokkit", '-f', '-v' ] if self.enabled.selected(): args.append('--enabled') else: args.append('--disabled') # trusted interfaces for dev in self.trust.getSelection(): args.append("--trust=%s" % dev) # masquerading for dev in self.masq.getSelection(): args.append("--masq=%s" % dev) # trusted services selected = self.services.getSelection() for svc in fw_services.service_list: if svc in selected: args.append("--service=%s" % svc.key) for module in svc.modules: args.append("--addmodule=%s" % module) else: if self.config and self.config.services and \ svc.key in self.config.services: for module in svc.modules: args.append("--removemodule=%s" % module) # other ports for (port, proto) in self.other_ports: args.append("--port=%s" % self._portStr(port, proto)) # port forwarding for entry in self.forward_port: line = "--forward-port=if=%s:port=%s:proto=%s" % \ (entry[0], self.__simplePortStr(entry[2]), entry[1]) if entry[4]: line += ":toport=%s" % self.__simplePortStr(entry[4]) if entry[3]: line += ":toaddr=%s" % entry[3] args.append(line) # icmp filter for name in self.block_icmp.getSelection(): icmp = fw_icmp.getByName(name) args.append("--block-icmp=%s" % icmp.key) # custom rules for (type, table, filename) in self.custom_rules: args.append("--custom-rules=%s:%s:%s" % (type, table, filename)) return args def apply(self): args = self.genArgs() res = self.warning(_("Clicking the 'Yes' button will override " "any existing firewall configuration. " "Are you sure that you want to do this?"), _("Please remember to check if the services " "iptables and ip6tables are enabled."), buttons=((_("Yes"), "yes"), (_("No"), "no"))) if res == 'no': return None (rfd, wfd) = os.pipe() pid = os.fork() if pid == 0: try: os.close(rfd) fd = os.open("/dev/null", os.O_RDONLY) if fd != 0: os.dup2(fd, 0) os.close(fd) if wfd != 1: os.dup2(wfd, 1) os.close(wfd) os.dup2(1, 2) os.execv(args[0], args) finally: os._exit(255) os.close(wfd) # no need to read in chunks if we don't pass on data to some # output func cret = "" cout = os.read(rfd, 8192) while cout: cret += cout cout = os.read(rfd, 8192) os.close(rfd) (cpid, status) = os.waitpid(pid, 0) # failed to configure firewall, show error message if status != 0: # do not use dialog, message can be long self.screen.suspend() print print _("Configuration failed") print " ".join(args) print cret print _("Hit enter to continue.") raw_input() self.screen.resume() return 1 return 0 def readFile(self): self.ignore_all = False config = read_sysconfig_config() if not config: # create empty config object config = parseSysconfigArgs(["--disabled"], source=None) self.loadConfig(config) # Check if firewall config files exist if config.enabled and not \ (os.path.exists(IP4TABLES_RULES) and \ os.path.isfile(IP4TABLES_RULES) and \ os.path.exists(IP6TABLES_RULES) and \ os.path.isfile(IP6TABLES_RULES)): files = [ ] if not os.path.exists(IP4TABLES_RULES) or \ not os.path.isfile(IP4TABLES_RULES): files.append(IP4TABLES_RULES) if not os.path.exists(IP6TABLES_RULES) or \ not os.path.isfile(IP6TABLES_RULES): files.append(IP6TABLES_RULES) self.warning(_("The firewall configuration is not consistent."), _("The following files are missing or unusable:\n" "\t%s\n\n" "Apply your firewall configuration now to correct " "this problem.") % "\n\t".join(files)) if config.converted: self.warning(_("Old firewall configuration."), _("Your firewall configuration was converted from an " "old version. Please verify the configuration and " "apply.")) return config def parse_error(self, msg): if self.ignore_all: return result = self.dialog(_("Parse error in config file"), msg, buttons=((_("Ignore"), "ignore"), (_("Ignore All"), "ignore_all"), (_("Quit"), "quit"))) if result == "ignore_all": self.ignore_all = True elif result != "ignore": self.finish() sys.exit(2) def parse_exit(self, status=0): sys.exit(status) def main(self): while 1: res = self.toplevel.runPopup() str = self.toplevel.bb.buttonPressed(res) self.screen.popWindow() if str == 'ok': if self.apply() == 0: return True elif str == 'cancel': return False elif str == 'customize': if not self.enabled.selected(): self.error(_("The firewall is disabled.")) continue self.tab_pos = 0 while 1: res2 = self.tabs[self.tab_pos].runPopup() self.screen.popWindow() str = self.tabs[self.tab_pos].bb.buttonPressed(res2) if not str and self.tabs[self.tab_pos].bb_work: str = self.tabs[self.tab_pos].bb_work.buttonPressed(res2) if str == 'close': break elif str == 'back': self.screen.refresh() if self.tab_pos > 0: self.tab_pos -= 1 elif str == 'forward': self.screen.refresh() if self.tab_pos < len(self.tabs): self.tab_pos += 1 # other ports elif str == 'ports_add': res3 = self.port_selection() if res3 and res3 not in self.other_ports: str = self._portStr(res3[0], res3[1]) self.other_ports.append(res3) self.other_ports_box.append(str, res3) elif str == 'ports_edit': try: item = self.other_ports_box.current() except: pass else: (ports, proto) = item res3 = self.port_selection(ports, proto) if res3 and res3 not in self.other_ports: self.other_ports.remove(item) self.other_ports_box.delete(item) str = self._portStr(res3[0], res3[1]) self.other_ports.append(res3) self.other_ports_box.append(str, res3) elif str == 'ports_remove': try: item = self.other_ports_box.current() except: pass else: self.other_ports.remove(item) self.other_ports_box.delete(item) # trusted interfaces elif str == 'trust_interface_add': self.screen.popWindow() str = self.tabs[self.tab_pos].bb.buttonPressed(res2) if not str and self.tabs[self.tab_pos].bb_work: str = self.tabs[self.tab_pos].bb_work.buttonPressed(res2) if str == 'close': break elif str == 'back': self.screen.refresh() if self.tab_pos > 0: self.tab_pos -= 1 elif str == 'forward': self.screen.refresh() if self.tab_pos < len(self.tabs): self.tab_pos += 1 # other ports elif str == 'ports_add': res3 = self.port_selection() if res3 and res3 not in self.other_ports: str = self._portStr(res3[0], res3[1]) self.other_ports.append(res3) self.other_ports_box.append(str, res3) elif str == 'ports_edit': try: item = self.other_ports_box.current() except: pass else: (ports, proto) = item res3 = self.port_selection(ports, proto) if res3 and res3 not in self.other_ports: self.other_ports.remove(item) self.other_ports_box.delete(item) str = self._portStr(res3[0], res3[1]) self.other_ports.append(res3) self.other_ports_box.append(str, res3) elif str == 'ports_remove': try: item = self.other_ports_box.current() except: pass else: self.other_ports.remove(item) self.other_ports_box.delete(item) # trusted interfaces elif str == 'trust_interface_add': dev = self.interface_selection() if dev and dev not in self.trust_list: self.trust.append(dev, selected=True) self.trust.setCurrent(dev) self.trust_list.append(dev) # draw spaces to the screen to overwrite screen corruption of setCurrent call for i in xrange(1,20): self.screen.drawRootText(1, i, " ".ljust(60)) # masqueraded interfaces elif str == 'masq_interface_add': dev = self.interface_selection() if dev and dev not in self.masq_list: self.masq.append(dev, selected=True) self.masq.setCurrent(dev) self.masq_list.append(dev) # draw spaces to the screen to overwrite screen corruption of setCurrent call for i in xrange(1,20): self.screen.drawRootText(1, i, " ".ljust(60)) # forward port elif str == 'forward_port_add': res3 = self.forward_port_selection() if res3 and res3 not in self.forward_port: str = self._forwardStr(res3[0], res3[1], res3[2], res3[3], res3[4]) self.forward_port.append(res3) self.forward_port_box.append(str, res3) elif str == 'forward_port_edit': try: item = self.forward_port_box.current() except: pass else: (interface, proto, port, to_address, to_port) = item res3 = self.forward_port_selection(interface, proto, port, to_address, to_port) if res3 and res3 not in self.forward_port: self.forward_port.remove(item) self.forward_port_box.delete(item) str = self._forwardStr(res3[0], res3[1], res3[2], res3[3], res3[4]) self.forward_port.append(res3) self.forward_port_box.append(str, res3) elif str == 'forward_port_remove': try: item = self.forward_port_box.current() except: pass else: self.forward_port.remove(item) self.forward_port_box.delete(item) # custom rules elif str == 'custom_rules_add': res3 = self.custom_rules_selection() if res3 and res3 not in self.custom_rules: str = ":".join(res3) self.custom_rules.append(res3) self.custom_rules_box.append(str, res3) elif str == 'custom_rules_edit': try: item = self.custom_rules_box.current() except: pass else: (type, table, filename) = item res3 = self.custom_rules_selection(type, table, filename) if res3 and res3 not in self.custom_rules: self.custom_rules.remove(item) self.custom_rules_box.delete(item) str = ":".join(res3) self.custom_rules.append(res3) self.custom_rules_box.append(str, res3) elif str == 'custom_rules_remove': try: item = self.custom_rules_box.current() except: pass else: self.custom_rules.remove(item) self.custom_rules_box.delete(item) def run(self): self.init() self.readFile() res = self.main() self.finish() return res