From 05bb37e86245634a6c8a8a564f7e071b80ea227f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?=
Date: Thu, 13 Apr 2023 00:07:08 +0200
Subject: [PATCH] ui, fw: added more checks for rules creation

- Don't allow a 0 or empty statement value, except for Meta.
- snat, dnat and redirect parameters must contain ":" to specify a port or ip+port (192.168.1.1:8080, :8080).
- queue verdict parameter must be an integer.
---
 ui/opensnitch/dialogs/firewall_rule.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/ui/opensnitch/dialogs/firewall_rule.py b/ui/opensnitch/dialogs/firewall_rule.py
index 616b32b9..af8a4645 100644
--- a/ui/opensnitch/dialogs/firewall_rule.py
+++ b/ui/opensnitch/dialogs/firewall_rule.py
@@ -1042,6 +1042,20 @@ class FwRuleDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
 if self.lineVerdictParms.text() == "":
 return None, None, None, QC.translate("firewall", "Verdict ({0}) parameters cannot be empty.".format(verdict))
 
+ # these verdicts parameters need ":" to specify a port or ip:port
+ if (self.comboVerdict.currentText().lower() == Config.ACTION_REDIRECT or \
+ self.comboVerdict.currentText().lower() == Config.ACTION_TPROXY or \
+ self.comboVerdict.currentText().lower() == Config.ACTION_SNAT or \
+ self.comboVerdict.currentText().lower() == Config.ACTION_DNAT) and \
+ ":" not in self.lineVerdictParms.text():
+ return None, None, None, QC.translate("firewall", "Verdict ({0}) parameters format is: :port.".format(verdict))
+
+ if self.comboVerdict.currentText().lower() == Config.ACTION_QUEUE:
+ try:
+ t = int(self.lineVerdictParms.text())
+ except:
+ return None, None, None, QC.translate("firewall", "Verdict ({0}) parameters format must be a number".format(verdict))
+
 vidx = self.comboVerdictParms.currentIndex()
 _target_parms = "{0} {1}".format(
 self.comboVerdictParms.itemData(vidx),
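Review bot: The queue check in the `try` block relies on a bare `except:` and a bare `int()`, so it swallows every exception and still accepts inputs such as `-1` or `1_0` that are not usable queue numbers; the assigned `t` is never read. Narrow it to `except ValueError:` and bound the value inside the `try`, e.g. `if not 0 <= int(self.lineVerdictParms.text()) <= 65535: raise ValueError`. The `":" not in ...` test before it is similarly loose: `:` alone, `a:b` or a bare IPv6 address satisfy it, so a malformed redirect/tproxy/snat/dnat target presumably can still be turned into a rule; validating that the text after the last `:` is a port in 1-65535 would make the check match its error message. The enclosing method begins and ends outside this hunk.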
@@ -1074,7 +1088,7 @@ class FwRuleDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
 statem_value = self.statements[k]['value'].currentText()
 val_idx = self.statements[k]['value'].currentIndex()
 
- if statem_value == "" or statem_value == "0":
+ if statem_value == "" or (statem_value == "0" and st_idx != self.STATM_META):
 return None, None, None, QC.translate("firewall", "value cannot be 0 or empty.")
 
 if st_idx == self.STATM_QUOTA:
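Review bot: The zero test on the new `if` line is an exact string comparison, so for non-Meta statements a value such as `00` or `0 ` (trailing space) still passes if the value combo box accepts typed text. If the intent is to refuse any empty or zero input, normalize before comparing, e.g. `statem_value = statem_value.strip()` ahead of the check; whether `00` must also be rejected depends on how the value is parsed later, which is not visible here. `st_idx` is assigned outside this hunk, and the loop body continues past its last line.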