make it more nftables style:
ip daddr 127.0.0.1 tcp dport 53 accept
instead of:
ip daddr == 127.0.0.1 tcp dport == 53 accept
It'll be easier to translate our rules to nftables rules in this way.
- Fixed setting the protocol of a dport/sport statement.
- Fixed translating ports to service name, and back (/etc/service).
- Enable Save button when modifying the description of a rule.
Now you can add rules to allow multiple protocols.
For example you can add a rule to allow dport/sport for both TCP
and UDP.
There're two options to allow a port:
Statement {
  Name: tcp
  Values:
    Key: dport
    Value: 1234
}
Statement {
  Name: meta
  Values:
    Key: l4proto
    Value: tcp,udp
    Key: dport
    Value: 1234
}
Closes #951.
The helper dialog to allow inbound connections to a port was adding a
rule to source port, instead of destination port.
The source port is needed to allow the traffic of a *local service*
when the inbound policy is set to Deny.
* i18n: initial support for Finnish
* i18n: add Finnish translations for rules
* i18n: add Finnish translations for rules
* i18n: translated using Weblate (Finnish)
Currently translated at 99.6% (516 of 518 strings)
Translation: Open Source/opensnitch
* i18n: finalize Finnish translations
* i18n: run Finnish translations through lrelease
---------
Co-authored-by: Toni Lähdekorpi <toni.lahdekorpi@neuvo.ai>
- When changing a policy, disable it until we receive a response.
Maybe we should even delay it a little bit more.
- When editing a fw rule, disable the Save button if the user didn't
change any field.
Some DEs and WMs don't support systray icons. In this situation we
display the GUI after 10s.
However many users were confused about this behaviour, thinking that
this delay displaying the GUI was a bug (#937).
Hopefully a warning to the terminal and the desktop will help
them to know what's going on.
- Allow to copy rules to clipboard with CTRL-c
- Added contextual menus:
  - Edit, to open the editor dialog.
  - Action, to change the rule verdict without opening the rule dialog.
- Fixed error validating some meta expressions.
- Added option to enable/disable fw rules.
- Limit fw rules deletion to 1 rule for now, until a bug is fixed.
- Allow to filter connections by source IP/Network.
(it also may be useful to filter by source port)
- Removed AlwaysOnTop Hint from rules editor dialog.
Closes #922
Up until now, clicking on a system notification caused several
behaviours depending on the Desktop Environment:
- On Gnome it executed opensnitch_ui.desktop, which as of today kills
the running opensnitch-ui process, and relaunches it.
- On other DEs the notification was just dismissed.
To improve the first behaviour, the Hint "desktop-entry" has been removed.
Now clicking on a notification on Gnome will bring the main window to the
front if it's opened.
On the other hand a new button has been added to the notifications, to
open the main window if it's not opened, or bring it to the front
otherwise.
- On the very first install, or if the GUI's settings.conf file was not
created, GUI's DefaultAction item was not configured properly.
- Now when the daemon is not connected to the GUI, it'll use the
DefaultAction configured in /etc/opensnitchd/default-config.json
- When the daemon is connected to the GUI, the GUI will reconfigure
daemon's DefaultAction value with the one defined by the GUI.
In this case the value defined in default-config.json is not modified,
it'll only be valid while it's connected to the GUI.
Now when opening Preferences->Nodes, it'll display daemon's
DefaultAction defined in the default-config.json file, which is the
default action applied when the daemon is not connected to the GUI.
Related: #884, #896
- Don't allow a 0 or empty statement value, except for Meta.
- snat, dnat and redirect parameters must contain ":" to specify a port
or ip+port (192.168.1.1:8080, :8080).
- queue verdict parameter must be an integer.
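
The three validation rules listed in the last entry above, written out as an added example (not code from the opensnitch project). The function names are hypothetical, and the port-range and IP-address checks are assumptions that go beyond the ":" requirement the commit text states.

```python
import ipaddress
import re

NAT_VERDICTS = {"snat", "dnat", "redirect"}


def check_statement_value(name, value):
    """Return an error string, or None when the value is acceptable."""
    # Rule from the commit text: no empty or "0" value, except for Meta.
    if name.lower() != "meta" and value.strip() in ("", "0"):
        return f"{name}: value must not be empty or 0"
    return None


def check_verdict_parms(verdict, parms):
    """Return an error string, or None when the parameter is acceptable."""
    verdict, parms = verdict.lower(), parms.strip()
    if verdict == "queue":
        # ASCII digits only; str.isdigit() would also accept superscripts.
        if not re.fullmatch(r"[0-9]+", parms):
            return "queue: parameter must be an integer"
        return None
    if verdict not in NAT_VERDICTS:
        return None  # other verdicts carry no parameter rule in this list
    if ":" not in parms:
        return f"{verdict}: parameter must contain ':' (ip:port or :port)"
    host, _, port = parms.rpartition(":")
    # Assumption (stricter than the commit text): port must be 1-65535.
    if not re.fullmatch(r"[0-9]+", port) or not 1 <= int(port) <= 65535:
        return f"{verdict}: invalid port {port!r}"
    if host:
        # Assumption: the part before the last ':' must be an IP address.
        try:
            ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            return f"{verdict}: invalid address {host!r}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real rule set.
    for verdict, parms in [("dnat", "192.168.1.1:8080"), ("redirect", ":8080"),
                           ("snat", "192.168.1.1"), ("queue", "abc")]:
        print(verdict, repr(parms), "->", check_verdict_parms(verdict, parms) or "ok")
```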