- Previously we only supported multiple ICMP types on the same rule
by adding multiple keys:
Key: type
Value: echo-request
Key: type
Value: echo-reply
Now it's possible to specify them using ',':
Key: type
Value: echo-request,echo-reply
- Validate ICMP types before adding them.
* There was a situation where the details of an app rule was not being
displayed correctly:
- on the tab rules select any system fw rule.
- go to the Events tab
- double click on the Rule column to view the details.
- instead of the app rules details, the list of system fw rules was
displayed.
* On the other hand, when going back from the details view, the list of
rules was not being refreshed correctly.
In this situation now we select the Application rules view.
- fsnotify notifies 2 WRITE events sometimes (known bug), which leads to
read 0 bytes one of the times.
As now we send these errors to the GUI, on some systems we were
displaying an error reading the config, which was not really the case.
- Only parse the config before writing it to disk, instead of call the
load() method.
make it more nftables style:
ip daddr 127.0.0.1 tcp dport 53 accept
instead of:
ip daddr == 127.0.0.1 tcp dport == 53 accept
It'll be easier to translate our rules to nftables rules in this way.
- Fixed setting the protocol of a dport/sport statement.
- Fixed translating ports to service name, and back (/etc/service).
- Enable Save button when modifying the description of a rule.
Now you can add rules to allow multiple protocols.
For example you can add a rule to allow dport/sport for both TCP
and UDP.
There're two options to allow a port:
Statement {
Name: tcp
Values:
Key: dport
Value: 1234
}
Statement {
Name: meta
Values:
Key: l4proto
Value: tcp,udp
Key: dport
Value: 1234
}
Closes#951.
The helper dialog to allow inbound connections to a port was adding a
rule to source port, instead of destination port.
The source port is needed to allow the traffic of a *local service"
when the inbound policy is set to Deny.
The DNS rule to intercept DNS responses must always be at the top of
the (input-filter) rules, otherwise we won't receive DNS resolutions.
Adding, removing or changing system fw rules was removing the rule from 1st
position.
Another approach to this problem could be to remove&&add only the dns rule,
instead of disable-enable interception+rules monitor.
* i18n: initial support for Finnish
* i18n: add Finnish translations for rules
* i18n: add Finnish translations for rules
* i18n: translated using Weblate (Finnish)
Currently translated at 99.6% (516 of 518 strings)
Translation: Open Source/opensnitch
* i18n: finalize Finnish translations
* i18n: run Finnish translations through lrelease
---------
Co-authored-by: Toni Lähdekorpi <toni.lahdekorpi@neuvo.ai>
