diff --git a/src/libfwbuilder/src/fwbuilder/Rule.cpp b/src/libfwbuilder/src/fwbuilder/Rule.cpp index 200f37129..8c536be2a 100644 --- a/src/libfwbuilder/src/fwbuilder/Rule.cpp +++ b/src/libfwbuilder/src/fwbuilder/Rule.cpp @@ -483,6 +483,7 @@ void PolicyRule::setTagObject(FWObject *tag_object) string tag_id = (tag_object) ? FWObjectDatabase::getStringId(tag_object->getId()) : ""; getOptionsObject()->setStr("tagobject_id", tag_id); + setTagging(tag_object && ! tag_id.empty()); } FWObject* PolicyRule::getTagObject() diff --git a/src/libgui/ActionsDialog.cpp b/src/libgui/ActionsDialog.cpp index 2c7aed446..ab9f1699e 100644 --- a/src/libgui/ActionsDialog.cpp +++ b/src/libgui/ActionsDialog.cpp @@ -74,38 +74,16 @@ ActionsDialog::ActionsDialog(QWidget *parent) : BaseObjectDialog(parent) //m_dialog->iptBranchDropArea->addAcceptedTypes("NAT"); //m_dialog->iptBranchDropArea->addAcceptedTypes("Routing"); m_dialog->iptBranchDropArea->setHelperText("Drop rule set object here"); - connect (m_dialog->iptBranchDropArea, - SIGNAL(objectDeleted()),this,SLOT(changed())); - connect (m_dialog->iptBranchDropArea, - SIGNAL(objectInserted()),this,SLOT(changed())); m_dialog->pfBranchDropArea->addAcceptedTypes("Policy"); //m_dialog->pfBranchDropArea->addAcceptedTypes("NAT"); //m_dialog->pfBranchDropArea->addAcceptedTypes("Routing"); m_dialog->pfBranchDropArea->setHelperText("Drop rule set object here"); - connect (m_dialog->pfBranchDropArea, - SIGNAL(objectDeleted()),this,SLOT(changed())); - connect (m_dialog->pfBranchDropArea, - SIGNAL(objectInserted()),this,SLOT(changed())); m_dialog->natBranchDropArea->addAcceptedTypes("NAT"); m_dialog->natBranchDropArea->setHelperText("Drop NAT rule set object here"); - connect (m_dialog->natBranchDropArea, - SIGNAL(objectDeleted()),this,SLOT(changed())); - connect (m_dialog->natBranchDropArea, - SIGNAL(objectInserted()),this,SLOT(changed())); - m_dialog->pfTagDropArea->addAcceptedTypes("TagService"); - connect (m_dialog->pfTagDropArea, - SIGNAL(objectDeleted()),this,SLOT(changed())); - connect (m_dialog->pfTagDropArea, - SIGNAL(objectInserted()),this,SLOT(changed())); - - m_dialog->iptTagDropArea->addAcceptedTypes("TagService"); - connect (m_dialog->iptTagDropArea, - SIGNAL(objectDeleted()),this,SLOT(changed())); - connect (m_dialog->iptTagDropArea, - SIGNAL(objectInserted()),this,SLOT(changed())); + connectSignalsOfAllWidgetsToSlotChange(); }; ActionsDialog::~ActionsDialog() @@ -183,21 +161,6 @@ void ActionsDialog::applyChanges() data.saveAll(new_rule_options); Rule *rule = Rule::cast(new_state); - PolicyRule *policy_rule = PolicyRule::cast(new_state); - - if (editor=="TagIptables") - { - FWObject *tag_object = m_dialog->iptTagDropArea->getObject(); - // if tag_object==NULL, setTagObject clears setting in the rule - policy_rule->setTagObject(tag_object); - } - - if (editor=="TagPF") - { - FWObject *tag_object = m_dialog->pfTagDropArea->getObject(); - // if tag_object==NULL, setTagObject clears setting in the rule - policy_rule->setTagObject(tag_object); - } if (editor=="BranchChain") { @@ -220,39 +183,21 @@ void ActionsDialog::applyChanges() rule->setBranch(ruleset); } - if (m_dialog->useDummyNetPipe->isChecked()) - new_rule_options->setInt("ipfw_classify_method", DUMMYNETPIPE); - else - new_rule_options->setInt("ipfw_classify_method", DUMMYNETQUEUE); - if (!cmd->getOldState()->cmp(new_state, true)) m_project->undoStack->push(cmd.release()); } void ActionsDialog::tagvalueChanged(int) { - QString buf; +// QString buf; //!!! buf.setNum(m_dialog->tagvalue_int->value()); //!!! m_dialog->tagvalue_str->setText(buf); } -void ActionsDialog::iptRouteContinueToggled() -{ - if (m_dialog->ipt_continue->isChecked()) - { - m_dialog->ipt_iif->setCurrentIndex(0); - m_dialog->ipt_tee->setChecked(false); - } - m_dialog->ipt_iif->setEnabled( ! m_dialog->ipt_continue->isChecked() ); - m_dialog->ipt_tee->setEnabled( ! m_dialog->ipt_continue->isChecked() ); -} - void ActionsDialog::setRule(Rule *r) { rule = r; - PolicyRule *policy_rule = PolicyRule::cast(r); - FWObject *o = r; while (o!=NULL && Firewall::cast(o)==NULL) o = o->getParent(); @@ -266,11 +211,6 @@ void ActionsDialog::setRule(Rule *r) if (firewall) { // firewall can be NULL if rule set is in Deleted Objects library - fillInterfaces(m_dialog->ipt_iif); - fillInterfaces(m_dialog->ipt_oif); - fillInterfaces(m_dialog->ipf_route_opt_if); - fillInterfaces(m_dialog->pf_route_opt_if); - platform = firewall->getStr("platform"); help_name = string(platform + "_" + act).c_str(); editor = DialogFactory::getActionDialogPageName(firewall, r); @@ -287,102 +227,13 @@ void ActionsDialog::setRule(Rule *r) branchNameInput = NULL; - if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) - { - m_dialog->useDummyNetPipe->setChecked(1); - } else { - m_dialog->useDummyNetQueue->setChecked(1); - } - - // as of 4.2.0 build 3477 we provide checkboxes to make Tag and - // Classify actions (PF) terminating or non-terminating on - // per-rule basis. Old behavior: Tag was non-terminating and - // Classify was terminating. Set options accordingly if they are - // not set. - if (platform=="pf") - { - string pf_tag_terminating = ropt->getStr("pf_tag_terminating"); - if (pf_tag_terminating.empty()) - ropt->setBool("pf_tag_terminating", false); - string pf_classify_terminating = ropt->getStr("pf_classify_terminating"); - if (pf_classify_terminating.empty()) - ropt->setBool("pf_classify_terminating", true); - } - - if (platform=="iptables") - { - m_dialog->classify_terminating->show(); - m_dialog->tag_terminating->show(); - - // Keep both variants of this text separate to simplify localization - QString emu_state; - if (firewall->getOptionsObject()->getBool("classify_mark_terminating")) - { - emu_state = - tr("Emulation of terminating behavior for MARK and CLASSIFY " - "targets is currently ON, rule will be terminating"); - } else - { - emu_state = - tr("Emulation of terminating behavior for MARK and CLASSIFY " - "targets is currently OFF, rule will not be terminating"); - } - m_dialog->classify_terminating->setText(emu_state); - m_dialog->tag_terminating->setText(emu_state); - - } else - { - m_dialog->classify_terminating->hide(); - m_dialog->tag_terminating->hide(); - } - data.clear(); - data.registerOption(m_dialog->ipt_mark_connections, ropt, - "ipt_mark_connections"); - - data.registerOption(m_dialog->pf_tag_terminating, ropt, "pf_tag_terminating"); - -// data.registerOption(ipt_mark_prerouting, ropt, "ipt_mark_prerouting"); data.registerOption(m_dialog->accountingvalue_str, ropt, "rule_name_accounting"); - data.registerOption(m_dialog->usePortNum, ropt, "ipfw_pipe_queue_num"); data.registerOption(m_dialog->divertPortNum, ropt, "ipfw_pipe_port_num"); - data.registerOption(m_dialog->classify_str, ropt, "classify_str"); data.registerOption(m_dialog->custom_str, ropt, "custom_str"); - data.registerOption(m_dialog->pf_classify_str, ropt, "pf_classify_str"); - data.registerOption(m_dialog->pf_classify_terminating, ropt, - "pf_classify_terminating"); - - // ROUTE action: - - // build a map for combobox so visible combobox items can be localized - QStringList route_options = getRouteOptions_pf_ipf(platform.c_str() ); - QStringList route_load_options = getRouteLoadOptions_pf(platform.c_str() ); - - // iptables - data.registerOption(m_dialog->ipt_iif, ropt, "ipt_iif" ); - data.registerOption(m_dialog->ipt_oif, ropt, "ipt_oif" ); - data.registerOption(m_dialog->ipt_gw, ropt, "ipt_gw" ); - data.registerOption(m_dialog->ipt_continue, ropt, "ipt_continue" ); - data.registerOption(m_dialog->ipt_tee, ropt, "ipt_tee"); - - // ipfilter - data.registerOption(m_dialog->ipf_route_option, ropt, "ipf_route_option", - route_options); - data.registerOption(m_dialog->ipf_route_opt_if, ropt, "ipf_route_opt_if"); - data.registerOption(m_dialog->ipf_route_opt_addr, ropt, - "ipf_route_opt_addr"); - - // pf - data.registerOption(m_dialog->pf_fastroute, ropt, "pf_fastroute" ); - data.registerOption(m_dialog->pf_route_load_option, ropt, - "pf_route_load_option", route_load_options ); - data.registerOption(m_dialog->pf_route_option, ropt, "pf_route_option", - route_options); - data.registerOption(m_dialog->pf_route_opt_if, ropt, "pf_route_opt_if" ); - data.registerOption(m_dialog->pf_route_opt_addr, ropt, "pf_route_opt_addr"); // REJECT action: data.registerOption(m_dialog->rejectvalue, ropt, "action_on_reject"); @@ -392,40 +243,14 @@ void ActionsDialog::setRule(Rule *r) { w=m_dialog->RejectPage; } - else if (editor=="TagIptables") - { - w = m_dialog->TagIptables; - FWObject *o = policy_rule->getTagObject(); - m_dialog->iptTagDropArea->setObject(o); - m_dialog->iptTagDropArea->update(); - } - else if (editor=="TagPF") - { - w = m_dialog->TagPF; - FWObject *o = policy_rule->getTagObject(); - m_dialog->pfTagDropArea->setObject(o); - m_dialog->pfTagDropArea->update(); - } else if (editor=="AccountingStr") { w = m_dialog->AccountingStrPage; } - else if (editor=="ClassifyArgsIPFW") - { - w = m_dialog->ClassifyArgsIPFW; - } else if (editor=="PipeArgsIPFW") { w = m_dialog->PipeArgsIPFW; } - else if (editor=="ClassifyIptables") - { - w = m_dialog->ClassifyIptables; - } - else if (editor=="ClassifyPF") - { - w = m_dialog->ClassifyPF; - } else if (editor=="CustomStr") { w = m_dialog->CustomStrPage; @@ -451,41 +276,10 @@ void ActionsDialog::setRule(Rule *r) RuleSet *ruleset = r->getBranch(); m_dialog->natBranchDropArea->setObject(ruleset); } - else if (editor=="RouteIPT") - { - w=m_dialog->RouteIPTPage; - } - else if (editor=="RouteIPF") - { - w=m_dialog->RouteIPFPage; - } - else if (editor=="RoutePF") - { - w=m_dialog->RoutePFPage; - } m_dialog->widgetStack->setCurrentWidget(w); - //rejectvalue->setCurrentText(ropt->getStr("action_on_reject") ); data.loadAll(); - iptRouteContinueToggled(); } -void ActionsDialog::fillInterfaces(QComboBox* cb) -{ - cb->clear(); - cb->addItem(""); - - list interfaces = firewall->getByTypeDeep(Interface::TYPENAME); - for (list::iterator i=interfaces.begin(); i!=interfaces.end(); ++i) - { - Interface *iface = Interface::cast(*i); - assert(iface); - - cb->addItem(iface->getName().c_str()); - } - -} - - diff --git a/src/libgui/ActionsDialog.h b/src/libgui/ActionsDialog.h index a98cb0bd8..2de9d46a2 100644 --- a/src/libgui/ActionsDialog.h +++ b/src/libgui/ActionsDialog.h @@ -73,13 +73,10 @@ private: ActionsDialog(QWidget *parent); ~ActionsDialog(); - void fillInterfaces(QComboBox *); - public slots: virtual void applyChanges(); virtual void tagvalueChanged(int); - virtual void iptRouteContinueToggled(); virtual void loadFWObject(libfwbuilder::FWObject *obj); virtual void validate(bool*); virtual void getHelpName(QString*); diff --git a/src/libgui/BaseObjectDialog.h b/src/libgui/BaseObjectDialog.h index ed4b56a59..6cf657b0e 100644 --- a/src/libgui/BaseObjectDialog.h +++ b/src/libgui/BaseObjectDialog.h @@ -46,17 +46,7 @@ protected: public slots: - virtual void changed() - { - QWidget *s = dynamic_cast(sender()); - if (fwbdebug) - qDebug() << "BaseObjectDialog::changed() from " << s; - - if (!init) - { - emit changed_sign(); - } - } + virtual void changed(); public: BaseObjectDialog(QWidget *parent) : QWidget(parent) @@ -70,6 +60,8 @@ public: void attachToProjectWindow(ProjectPanel *pp) { m_project = pp; } ProjectPanel* getAssociatedProjectWindow() { return m_project; } + void connectSignalsOfAllWidgetsToSlotChange(); + signals: void changed_sign(); diff --git a/src/libgui/FWObjectPropertiesFactory.cpp b/src/libgui/FWObjectPropertiesFactory.cpp index ed7f426d5..75a1a9054 100644 --- a/src/libgui/FWObjectPropertiesFactory.cpp +++ b/src/libgui/FWObjectPropertiesFactory.cpp @@ -945,21 +945,6 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(Rule *rule) case PolicyRule::Reject: par = ropt->getStr("action_on_reject").c_str(); break; - -/* - * TODO #2367 This should move to getPolicyRuleOptions() - * - case PolicyRule::Tag: - { - FWObject *tag_object = PolicyRule::cast(rule)->getTagObject(); - if (tag_object) - par = QString::fromUtf8(tag_object->getName().c_str()); - else - par = QString::fromUtf8(PolicyRule::cast(rule)->getTagValue().c_str()); - break; - } -*/ - case PolicyRule::Accounting : par = ropt->getStr("rule_name_accounting").c_str(); break; @@ -974,30 +959,6 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(Rule *rule) // ropt->getStr("branch_name").c_str(); break; } - -/* - * TODO #2367 This should move to getPolicyRuleOptions() - * - case PolicyRule::Classify: - if (platform=="ipfw") - { - if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) - { - par = "pipe"; - } else { - par = "queue"; - } - par = par + " " + ropt->getStr("ipfw_pipe_queue_num").c_str(); - } else - { - if (platform=="pf") - par = ropt->getStr("pf_classify_str").c_str(); - else - par = ropt->getStr("classify_str").c_str(); - } - break; -*/ - case PolicyRule::Pipe : if (platform=="ipfw") { @@ -1006,48 +967,6 @@ QString FWObjectPropertiesFactory::getRuleActionProperties(Rule *rule) } break; -/* - * TODO #2367 This should move to getPolicyRuleOptions() - * - case PolicyRule::Route : - if (platform=="iptables") - { - string a; - a = ropt->getStr("ipt_gw"); - if (!a.empty()) par = par + " gw: " + a.c_str(); - a = ropt->getStr("ipt_iif"); - if (!a.empty()) par = par + " iif: " + a.c_str(); - a = ropt->getStr("ipt_oif"); - if (!a.empty()) par = par + " oif: " + a.c_str(); - } - if (platform=="ipf") - { - string a; - a = ropt->getStr("ipf_route_option"); - if (!a.empty()) - { - par = par + " "+ - getScreenName(a.c_str(), - getRouteOptions_pf_ipf( platform.c_str() )); - } - a = ropt->getStr("ipf_route_opt_if"); - if (!a.empty()) par = par + " "+ a.c_str(); - a = ropt->getStr("ipf_route_opt_addr"); - if (!a.empty()) par = par + " "+ a.c_str(); - } - if (platform=="pf") - { - string a; - a = ropt->getStr("pf_route_option"); - if (!a.empty()) par = par + " "+ a.c_str(); - a = ropt->getStr("pf_route_opt_if"); - if (!a.empty()) par = par + " "+ a.c_str(); - a = ropt->getStr("pf_route_opt_addr"); - if (!a.empty()) par = par + " "+ a.c_str(); - } - break; -*/ - default : {} } } diff --git a/src/libgui/RuleOptionsDialog.cpp b/src/libgui/RuleOptionsDialog.cpp index 87866999d..9833e263e 100644 --- a/src/libgui/RuleOptionsDialog.cpp +++ b/src/libgui/RuleOptionsDialog.cpp @@ -25,6 +25,7 @@ #include "../../config.h" +#include "../../definitions.h" #include "global.h" #include "utils.h" #include "platforms.h" @@ -33,6 +34,7 @@ #include "RuleSetView.h" #include "FWWindow.h" #include "FWCmdRule.h" +#include "FWObjectDropArea.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Rule.h" @@ -44,15 +46,17 @@ #include #include -#include -#include #include -#include -#include #include #include #include +#include +#include +#include +#include +#include + #include @@ -70,6 +74,12 @@ RuleOptionsDialog::RuleOptionsDialog(QWidget *parent) : m_dialog = new Ui::RuleOptionsDialog_q; m_dialog->setupUi(this); + m_dialog->pfTagDropArea->addAcceptedTypes("TagService"); + m_dialog->iptTagDropArea->addAcceptedTypes("TagService"); + + connectSignalsOfAllWidgetsToSlotChange(); + + firewall = NULL; init=false; } @@ -81,23 +91,22 @@ void RuleOptionsDialog::getHelpName(QString *str) void RuleOptionsDialog::loadFWObject(FWObject *o) { - obj=o; -// rsv=rv; - - FWObject *p=obj; + obj = o; + firewall = o; // use Firewall::cast to match both Firewall and Cluster - while (!Firewall::cast(p)) p = p->getParent(); - platform=p->getStr("platform").c_str(); + while (!Firewall::cast(firewall)) firewall = firewall->getParent(); + platform = firewall->getStr("platform").c_str(); + string version = firewall->getStr("version"); help_name = platform + "_rule_options"; + // build a map for combobox so visible combobox items can be localized + QStringList route_options = getRouteOptions_pf_ipf(platform); + QStringList route_load_options = getRouteLoadOptions_pf(platform); + Rule *rule = dynamic_cast(o); FWOptions *ropt = rule->getOptionsObject(); - - // m_dialog->editorTitle->setText(QString("%1 / %2 / %3 ") - // .arg(QString::fromUtf8(p->getName().c_str())) - // .arg(rule->getTypeName().c_str()) - // .arg(rule->getPosition())); + PolicyRule *policy_rule = PolicyRule::cast(rule); int wid=0; if (platform=="iptables") wid=0; @@ -128,6 +137,12 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) m_dialog->ipt_hashlimit_suffix->clear(); m_dialog->ipt_hashlimit_suffix->addItems(getScreenNames(limitSuffixes)); + fillInterfaces(m_dialog->ipt_iif); + fillInterfaces(m_dialog->ipt_oif); + fillInterfaces(m_dialog->ipf_route_opt_if); + fillInterfaces(m_dialog->pf_route_opt_if); + + data.clear(); if (platform=="iptables") @@ -192,8 +207,25 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) threeStateMapping.push_back("0"); data.registerOption(m_dialog->ipt_assume_fw_is_part_of_any, ropt, - "firewall_is_part_of_any_and_networks", threeStateMapping); + "firewall_is_part_of_any_and_networks", + threeStateMapping); data.registerOption(m_dialog->ipt_stateless, ropt, "stateless"); + + data.registerOption(m_dialog->ipt_mark_connections, ropt, + "ipt_mark_connections"); + + data.registerOption(m_dialog->classify_str, ropt, "classify_str"); + + // Route + data.registerOption(m_dialog->ipt_iif, ropt, "ipt_iif" ); + data.registerOption(m_dialog->ipt_oif, ropt, "ipt_oif" ); + data.registerOption(m_dialog->ipt_gw, ropt, "ipt_gw" ); + data.registerOption(m_dialog->ipt_continue, ropt, "ipt_continue" ); + data.registerOption(m_dialog->ipt_tee, ropt, "ipt_tee"); + + FWObject *o = policy_rule->getTagObject(); + m_dialog->iptTagDropArea->setObject(o); + m_dialog->iptTagDropArea->update(); } @@ -207,12 +239,17 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) "ipf_return_icmp_as_dest"); data.registerOption(m_dialog->ipf_stateless, ropt, "stateless"); data.registerOption(m_dialog->ipf_keep_frags, ropt, "ipf_keep_frags"); + + // Route + data.registerOption(m_dialog->ipf_route_option, ropt, "ipf_route_option", + route_options); + data.registerOption(m_dialog->ipf_route_opt_if, ropt, "ipf_route_opt_if"); + data.registerOption(m_dialog->ipf_route_opt_addr, ropt, + "ipf_route_opt_addr"); } if (platform=="pf") { - string version = p->getStr("version"); - bool ge_4_5 = XMLTools::version_compare(version, "4.5")>=0; m_dialog->pf_no_sync->setEnabled(ge_4_5); @@ -254,11 +291,38 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) "pf_modulate_state"); data.registerOption(m_dialog->pf_synproxy, ropt, "pf_synproxy"); + + data.registerOption(m_dialog->pf_classify_str, ropt, "pf_classify_str"); + + // Route + data.registerOption(m_dialog->pf_fastroute, ropt, "pf_fastroute"); + data.registerOption(m_dialog->pf_route_load_option, ropt, + "pf_route_load_option", route_load_options); + data.registerOption(m_dialog->pf_route_option, ropt, "pf_route_option", + route_options); + data.registerOption(m_dialog->pf_route_opt_if, ropt, "pf_route_opt_if"); + data.registerOption(m_dialog->pf_route_opt_addr, ropt, "pf_route_opt_addr"); + + FWObject *o = policy_rule->getTagObject(); + m_dialog->pfTagDropArea->setObject(o); + m_dialog->pfTagDropArea->update(); } if (platform=="ipfw") { data.registerOption(m_dialog->ipfw_stateless, ropt,"stateless"); + data.registerOption(m_dialog->usePortNum, ropt, "ipfw_pipe_queue_num"); + +/* #2367 */ + + data.registerOption(m_dialog->ipfw_classify, ropt, "classification"); + + if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) + { + m_dialog->useDummyNetPipe->setChecked(1); + } else { + m_dialog->useDummyNetQueue->setChecked(1); + } } if (platform=="iosacl" || platform=="procurve_acl") @@ -269,9 +333,10 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) if (platform=="pix" || platform=="fwsm") { - string vers="version_"+p->getStr("version"); + string vers = "version_" + version; if (Resources::platform_res[platform.toAscii().constData()]->getResourceBool( - "/FWBuilderResources/Target/options/"+vers+"/pix_rule_syslog_settings")) + "/FWBuilderResources/Target/options/" + + vers + "/pix_rule_syslog_settings")) { m_dialog->pix_disable_rule_log->setEnabled(true); m_dialog->pix_logLevel->setEnabled(true); @@ -292,7 +357,9 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) } - init=true; + + + init = true; data.loadAll(); m_dialog->pf_max_src_nodes->setEnabled( @@ -300,6 +367,7 @@ void RuleOptionsDialog::loadFWObject(FWObject *o) m_dialog->pf_max_src_states->setEnabled( m_dialog->pf_source_tracking->isChecked()); + connlimitAboveLabelChange(); limitLabelChange(); @@ -326,6 +394,8 @@ void RuleOptionsDialog::changed() m_dialog->pf_flush->setEnabled(enable_overload_options); m_dialog->pf_global->setEnabled(enable_overload_options); + iptRouteContinueToggled(); // #2367 + BaseObjectDialog::changed(); } @@ -342,9 +412,65 @@ void RuleOptionsDialog::applyChanges() FWObject* new_state = cmd->getNewState(); FWOptions* new_rule_options = Rule::cast(new_state)->getOptionsObject(); - init=true; + init = true; data.saveAll(new_rule_options); - init=false; + init = false; + +/* #2367 */ + + PolicyRule *policy_rule = PolicyRule::cast(new_state); + if (policy_rule) + { + FWOptions *ropt = policy_rule->getOptionsObject(); + + if (platform=="iptables") + { + FWObject *tag_object = m_dialog->iptTagDropArea->getObject(); + // if tag_object==NULL, setTagObject clears setting in the rule + policy_rule->setTagging(tag_object != NULL); + policy_rule->setTagObject(tag_object); + + policy_rule->setClassification( + ! ropt->getStr("classify_str").empty()); + + policy_rule->setRouting( ! ropt->getStr("ipt_iif").empty() || + ! ropt->getStr("ipt_oif").empty() || + ! ropt->getStr("ipt_gw").empty()); + } + + if (platform=="pf") + { + FWObject *tag_object = m_dialog->pfTagDropArea->getObject(); + // if tag_object==NULL, setTagObject clears setting in the rule + policy_rule->setTagging(tag_object != NULL); + policy_rule->setTagObject(tag_object); + + policy_rule->setClassification( + ! ropt->getStr("pf_classify_str").empty()); + + policy_rule->setRouting( + ! ropt->getStr("pf_route_option").empty() && + ropt->getStr("pf_route_option") != "none"); + } + + if (platform=="ipf") + { + policy_rule->setRouting( + ! ropt->getStr("ipf_route_option").empty() && + ropt->getStr("ipf_route_option") != "none"); + } + + if (platform=="ipfw") + { + // rule option "classification" is set via checkbox and was + // set by the call to data.saveAll() above + + if (m_dialog->useDummyNetPipe->isChecked()) + new_rule_options->setInt("ipfw_classify_method", DUMMYNETPIPE); + else + new_rule_options->setInt("ipfw_classify_method", DUMMYNETQUEUE); + } + } if (!cmd->getOldState()->cmp(new_state, true)) { @@ -388,3 +514,31 @@ void RuleOptionsDialog::limitLabelChange() changed(); } +void RuleOptionsDialog::iptRouteContinueToggled() +{ + if (m_dialog->ipt_continue->isChecked()) + { + m_dialog->ipt_iif->setCurrentIndex(0); + m_dialog->ipt_tee->setChecked(false); + } + m_dialog->ipt_iif->setEnabled( ! m_dialog->ipt_continue->isChecked() ); + m_dialog->ipt_tee->setEnabled( ! m_dialog->ipt_continue->isChecked() ); +} + +void RuleOptionsDialog::fillInterfaces(QComboBox* cb) +{ + cb->clear(); + cb->addItem(""); + + list interfaces = firewall->getByTypeDeep(Interface::TYPENAME); + for (list::iterator i=interfaces.begin(); i!=interfaces.end(); ++i) + { + Interface *iface = Interface::cast(*i); + assert(iface); + + cb->addItem(iface->getName().c_str()); + } + +} + + diff --git a/src/libgui/RuleOptionsDialog.h b/src/libgui/RuleOptionsDialog.h index 1c9cbd90a..9353ee1aa 100644 --- a/src/libgui/RuleOptionsDialog.h +++ b/src/libgui/RuleOptionsDialog.h @@ -45,15 +45,19 @@ class RuleOptionsDialog : public BaseObjectDialog DialogData data; QString platform; + RuleSetView *rsv; Ui::RuleOptionsDialog_q*m_dialog; + libfwbuilder::FWObject *firewall; QString help_name; public: RuleOptionsDialog(QWidget *parent); ~RuleOptionsDialog(); - + + void fillInterfaces(QComboBox *); // #2367 + public slots: virtual void changed(); virtual void applyChanges(); @@ -63,6 +67,7 @@ public slots: virtual void getHelpName(QString*); virtual void connlimitAboveLabelChange(); virtual void limitLabelChange(); + virtual void iptRouteContinueToggled(); // #2367 }; #endif // __RULEOPTIONSDIALOG_H diff --git a/src/libgui/RuleSetModel.cpp b/src/libgui/RuleSetModel.cpp index 2936c6ec8..1fc5bc2b1 100644 --- a/src/libgui/RuleSetModel.cpp +++ b/src/libgui/RuleSetModel.cpp @@ -24,6 +24,7 @@ */ #include "../../config.h" +#include "../../definitions.h" #include "global.h" #include "utils.h" @@ -1433,8 +1434,52 @@ QStringList PolicyModel::getRuleOptions(Rule* r) const { QStringList res; PolicyRule *policyRule = PolicyRule::cast( r ); + FWOptions *ropt = policyRule->getOptionsObject(); + if (policyRule->getLogging()) res << "Log"; - if (!isDefaultPolicyRuleOptions(r->getOptionsObject())) res << "Options"; + + if ( ! isDefaultPolicyRuleOptions(r->getOptionsObject())) res << "Options"; + + FWObject *firewall = r; + // use Firewall::cast to match both Firewall and Cluster + while (!Firewall::cast(firewall)) firewall = firewall->getParent(); + string platform = firewall->getStr("platform"); + + if (policyRule->getTagging()) + { + res << tr("Tag %1").arg( + QString::fromUtf8( + PolicyRule::cast(policyRule)->getTagValue().c_str())); + } + + if (policyRule->getClassification()) + { + QString par; + + if (platform=="iptables") + par = ropt->getStr("classify_str").c_str(); + + if (platform=="pf") + par = ropt->getStr("pf_classify_str").c_str(); + + if (platform=="ipfw") + { + if (ropt->getInt("ipfw_classify_method") == DUMMYNETPIPE) + { + par = "pipe"; + } else { + par = "queue"; + } + par = par + " " + ropt->getStr("ipfw_pipe_queue_num").c_str(); + } + + if (!par.isEmpty()) res << tr("Classify %1").arg(par); + } + + if (policyRule->getRouting()) + { + res << "Route"; + } return res; } diff --git a/src/libgui/RuleSetViewDelegate.cpp b/src/libgui/RuleSetViewDelegate.cpp index 7d931d7b6..3e9e6d79b 100644 --- a/src/libgui/RuleSetViewDelegate.cpp +++ b/src/libgui/RuleSetViewDelegate.cpp @@ -257,6 +257,9 @@ void RuleSetViewDelegate::paintOptions(QPainter *painter, const QStyleOptionView { if (icons[i].contains("Log")) text.push_back(tr("log")); if (icons[i].contains("Options")) text.push_back(tr("(options)")); + if (icons[i].contains("Tag")) text.push_back(icons[i]); + if (icons[i].contains("Class")) text.push_back(icons[i]); + if (icons[i].contains("Routing")) text.push_back(icons[i]); } drawIconAndText(painter, ctx.drawRect, "", text.join(", "), false); } diff --git a/src/libgui/actionsdialog_q.ui b/src/libgui/actionsdialog_q.ui index 88f0df4ce..e39c2b00a 100644 --- a/src/libgui/actionsdialog_q.ui +++ b/src/libgui/actionsdialog_q.ui @@ -38,79 +38,8 @@ QFrame::Plain - 8 + 5 - - - - - - Tag service object: - - - false - - - - - - - - 0 - 0 - - - - - 100 - 80 - - - - - 9 - - - - - - - - Make this rule terminating - - - - - - - Qt::Horizontal - - - - 691 - 58 - - - - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 20 - 0 - - - - - - @@ -215,107 +144,6 @@ - - - - 12 - - - - - Tag service object: - - - false - - - - - - - Qt::Horizontal - - - QSizePolicy::Expanding - - - - 201 - 81 - - - - - - - - - 0 - 0 - - - - - 100 - 80 - - - - - 9 - - - - - - - - Requires CONNMARK target - - - Tag connections created by packets that match this rule - - - - - - - Note: this action translates into MARK target for iptables. -Normally this target is non-terminating, that is, other rules -with Classify or Tag actions below this one will process -the same packet. However, Firewall Builder can emulate -terminating behavior for this action. Option in the "compiler" -tab of the firewall object properties dialog activates emulation. - - - Emulation of terminating behavior for MARK target is currently ON, the rule will be terminating - - - Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter - - - true - - - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 609 - 21 - - - - - - @@ -358,113 +186,6 @@ tab of the firewall object properties dialog activates emulation. - - - - 12 - - - 12 - - - - - Packet classification can be implemented in different ways: - - - Qt::AlignVCenter - - - true - - - - - - - - - - - 12 - - - 12 - - - - - use dummynet(4) 'pipe' - - - - - - - use dummynet(4) 'queue' - - - - - - - - - - Pipe or queue number: - - - false - - - - - - - Qt::Horizontal - - - QSizePolicy::Expanding - - - - 40 - 20 - - - - - - - - - 80 - 0 - - - - 999999 - - - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 20 - 0 - - - - - - @@ -504,104 +225,6 @@ tab of the firewall object properties dialog activates emulation. - - - - 12 - - - 12 - - - - - Classify string: - - - false - - - - - - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 20 - 0 - - - - - - - - Note: CLASSIFY target in iptables is non-terminating, -this means other rules with Classify or Branch -target below this one will process the same packet. -However, Firewall Builder can emulate terminating -behavior for this action. Emulation is activated -by an option in the "compiler" tab of the firewall -object properties dialog. - - - Emulation is currently ON, rule will be terminating - - - Qt::AlignCenter - - - false - - - - - - - - - - - Classify string: - - - false - - - - - - - - - - Make this rule terminating - - - - - - - Qt::Vertical - - - - 20 - 93 - - - - - - @@ -808,321 +431,6 @@ object properties dialog. - - - - 12 - - - 12 - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 20 - 0 - - - - - - - - 12 - - - 12 - - - - - - Route through - - - - - Route reply through - - - - - Route a copy through - - - - - - - - interface - - - false - - - - - - - - - - next hop - - - false - - - - - - - - - - - - - - 12 - - - - - 12 - - - 12 - - - - - - None - - - - - Route through - - - - - Route reply through - - - - - Route a copy through - - - - - - - - interface - - - false - - - - - - - - - - next hop - - - false - - - - - - - - - - - - Fastroute - - - - - - - Qt::Horizontal - - - QSizePolicy::Fixed - - - - 40 - 20 - - - - - - - - Load Balancing: - - - - - - - - None - - - - - Bitmask - - - - - Random - - - - - Source Hash - - - - - Round Robin - - - - - - - - Qt::Horizontal - - - - 131 - 20 - - - - - - - - Qt::Vertical - - - QSizePolicy::MinimumExpanding - - - - 553 - 0 - - - - - - - - - - 12 - - - 12 - - - - - Change inbound interface to - - - false - - - - - - - Route through gateway - - - false - - - - - - - - - - Change outbound interface to - - - false - - - - - - - - - - - - - Qt::Horizontal - - - QSizePolicy::Expanding - - - - 170 - 20 - - - - - - - - Continue packet inspection - - - - - - - Make a copy - - - - - @@ -1204,54 +512,6 @@ object properties dialog. - - usePortNum - valueChanged(int) - ActionsDialog_q - changed() - - - 196 - 222 - - - 20 - 20 - - - - - useDummyNetQueue - toggled(bool) - ActionsDialog_q - changed() - - - 52 - 181 - - - 20 - 20 - - - - - useDummyNetPipe - toggled(bool) - ActionsDialog_q - changed() - - - 52 - 164 - - - 20 - 20 - - - rejectvalue activated(QString) @@ -1268,182 +528,6 @@ object properties dialog. - - pf_route_option - activated(int) - ActionsDialog_q - changed() - - - 57 - 206 - - - 20 - 20 - - - - - pf_route_opt_if - activated(int) - ActionsDialog_q - changed() - - - 313 - 206 - - - 20 - 20 - - - - - pf_route_opt_addr - editingFinished() - ActionsDialog_q - changed() - - - 494 - 207 - - - 20 - 20 - - - - - pf_fastroute - stateChanged(int) - ActionsDialog_q - changed() - - - 55 - 243 - - - 20 - 20 - - - - - ipt_tee - released() - ActionsDialog_q - changed() - - - 45 - 105 - - - 20 - 20 - - - - - ipt_oif - activated(int) - ActionsDialog_q - changed() - - - 45 - 105 - - - 20 - 20 - - - - - ipt_mark_connections - toggled(bool) - ActionsDialog_q - changed() - - - 45 - 141 - - - 20 - 20 - - - - - ipt_iif - activated(int) - ActionsDialog_q - changed() - - - 45 - 105 - - - 20 - 20 - - - - - ipt_gw - editingFinished() - ActionsDialog_q - changed() - - - 45 - 105 - - - 20 - 20 - - - - - ipt_continue - stateChanged(int) - ActionsDialog_q - iptRouteContinueToggled() - - - 45 - 105 - - - 20 - 20 - - - - - ipt_continue - stateChanged(int) - ActionsDialog_q - changed() - - - 45 - 105 - - - 20 - 20 - - - ipt_branch_in_mangle toggled(bool) @@ -1460,54 +544,6 @@ object properties dialog. - - ipf_route_option - activated(int) - ActionsDialog_q - changed() - - - 45 - 221 - - - 20 - 20 - - - - - ipf_route_opt_if - activated(int) - ActionsDialog_q - changed() - - - 301 - 221 - - - 20 - 20 - - - - - ipf_route_opt_addr - editingFinished() - ActionsDialog_q - changed() - - - 482 - 222 - - - 20 - 20 - - - divertPortNum valueChanged(int) @@ -1540,22 +576,6 @@ object properties dialog. - - classify_str - editingFinished() - ActionsDialog_q - changed() - - - 46 - 131 - - - 20 - 20 - - - accountingvalue_str editingFinished() @@ -1572,70 +592,6 @@ object properties dialog. - - pf_route_load_option - activated(int) - ActionsDialog_q - changed() - - - 338 - 233 - - - 317 - 177 - - - - - pf_tag_terminating - toggled(bool) - ActionsDialog_q - changed() - - - 238 - 89 - - - 425 - 114 - - - - - pf_classify_terminating - toggled(bool) - ActionsDialog_q - changed() - - - 425 - 88 - - - 425 - 114 - - - - - pf_classify_str - editingFinished() - ActionsDialog_q - changed() - - - 425 - 59 - - - 425 - 114 - - - changed() diff --git a/src/libgui/libgui.pro b/src/libgui/libgui.pro index 481778fb6..a5ac40e55 100644 --- a/src/libgui/libgui.pro +++ b/src/libgui/libgui.pro @@ -227,6 +227,7 @@ SOURCES += ProjectPanel.cpp \ ProjectPanel_events.cpp \ ProjectPanel_file_ops.cpp \ ProjectPanel_state_ops.cpp \ + BaseObjectDialog.cpp \ FWWindow.cpp \ FWWindow_editor.cpp \ FWWindow_single_rule_compile.cpp \ diff --git a/src/libgui/ruleoptionsdialog_q.ui b/src/libgui/ruleoptionsdialog_q.ui index 2637e1a6e..0522b154c 100644 --- a/src/libgui/ruleoptionsdialog_q.ui +++ b/src/libgui/ruleoptionsdialog_q.ui @@ -41,7 +41,7 @@ 0 - 0 + 1 @@ -63,20 +63,14 @@ QTabWidget::Triangular - 4 + 6 General - - 12 - - - 12 - - + 12 @@ -124,7 +118,7 @@ - + Normally policy compiler uses stateful inspection in each rule. Activating this option makes this rule stateless. @@ -133,18 +127,18 @@ Qt::AlignVCenter - true + false - + Stateless rule - + Qt::Vertical @@ -324,6 +318,12 @@ limit + + 12 + + + 12 + @@ -493,6 +493,12 @@ connlimit + + 12 + + + 12 + @@ -1062,6 +1068,255 @@ + + + Tag + + + + 12 + + + 12 + + + + + Tag service object: + + + false + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 615 + 81 + + + + + + + + + 0 + 0 + + + + + 100 + 80 + + + + + 9 + + + + + + + + Requires CONNMARK target + + + Tag connections created by packets that match this rule + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 609 + 108 + + + + + + + + + Classify + + + + 12 + + + 12 + + + + + Classify string: + + + false + + + + + + + + + + Qt::Horizontal + + + + 928 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 1105 + 169 + + + + + + + + + Route + + + + 12 + + + 12 + + + + + Change inbound interface to + + + false + + + + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 809 + 20 + + + + + + + + Change outbound interface to + + + false + + + + + + + + + + Route through gateway + + + false + + + + + + + + + + Qt::Horizontal + + + + 754 + 20 + + + + + + + + Continue packet inspection + + + + + + + Make a copy + + + + + + + Qt::Vertical + + + + 20 + 96 + + + + + + @@ -1083,7 +1338,7 @@ QTabWidget::Triangular - 0 + 2 @@ -1156,6 +1411,9 @@ Logging + + 12 + 12 @@ -1251,6 +1509,108 @@ + + + Route + + + + 12 + + + 12 + + + + + 12 + + + 12 + + + + + + None + + + + + Route through + + + + + Route reply through + + + + + Route a copy through + + + + + + + + interface + + + false + + + + + + + + + + next hop + + + false + + + + + + + + + + + + Qt::Horizontal + + + + 548 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 20 + 180 + + + + + + @@ -1275,19 +1635,31 @@ QTabWidget::Triangular - 0 + 6 State Tracking + + 12 + 6 + + 12 + 6 + + 12 + + + 9 + @@ -1473,6 +1845,9 @@ Limits + + 12 + 12 @@ -1713,6 +2088,9 @@ TCP + + 12 + 12 @@ -1752,6 +2130,305 @@ + + + Tag + + + + 12 + + + 12 + + + + + Tag service object: + + + false + + + + + + + + 0 + 0 + + + + + 100 + 80 + + + + + 9 + + + + + + + + Qt::Horizontal + + + + 982 + 77 + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 108 + 112 + + + + + + + + + Classify + + + + 12 + + + 12 + + + + + Classify string: + + + false + + + + + + + + + + Qt::Horizontal + + + + 948 + 20 + + + + + + + + Qt::Vertical + + + + 948 + 169 + + + + + + + + + Route + + + + 12 + + + 12 + + + + + 12 + + + 12 + + + + + + None + + + + + Route through + + + + + Route reply through + + + + + Route a copy through + + + + + + + + interface + + + false + + + + + + + + + + next hop + + + false + + + + + + + + + + + + Qt::Horizontal + + + + 537 + 20 + + + + + + + + Fastroute + + + + + + + Qt::Horizontal + + + QSizePolicy::Fixed + + + + 40 + 20 + + + + + + + + Load Balancing: + + + + + + + + None + + + + + Bitmask + + + + + Random + + + + + Source Hash + + + + + Round Robin + + + + + + + + Qt::Horizontal + + + + 665 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 553 + 139 + + + + + + @@ -1765,57 +2442,211 @@ 2 - - - QFrame::Box + + + QTabWidget::Triangular - - QFrame::Sunken + + 1 - - - - - - 300 - 0 - - - - Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. - - - Qt::AlignVCenter - - - true - - - - - - - Stateless rule - - - - - - - Qt::Vertical - - - QSizePolicy::Expanding - - - - 20 - 90 - - - - - + + + State Tracking + + + + 12 + + + 12 + + + + + + 300 + 0 + + + + Normally policy compiler uses stateful inspection in each rule. Activating next option makes this rule stateless. + + + Qt::AlignVCenter + + + false + + + + + + + Qt::Horizontal + + + + 446 + 20 + + + + + + + + Stateless rule + + + + + + + Qt::Vertical + + + QSizePolicy::Expanding + + + + 20 + 184 + + + + + + + + + Classify + + + + 12 + + + 12 + + + + + Classify packets + + + + + + + Packet classification can be implemented in different ways: + + + Qt::AlignVCenter + + + false + + + + + + + + + + + 12 + + + 12 + + + + + use dummynet(4) 'pipe' + + + + + + + use dummynet(4) 'queue' + + + + + + + + + + Qt::Horizontal + + + + 882 + 20 + + + + + + + + Pipe or queue number: + + + false + + + + + + + + 80 + 0 + + + + 999999 + + + + + + + Qt::Horizontal + + + QSizePolicy::Expanding + + + + 882 + 20 + + + + + + + + Qt::Vertical + + + QSizePolicy::MinimumExpanding + + + + 20 + 60 + + + + + + @@ -2084,6 +2915,14 @@ + + + FWObjectDropArea + QWidget +
FWObjectDropArea.h
+ 1 + + pix_disable_rule_log pix_logLevel @@ -2124,813 +2963,12 @@ pf_global pf_max_src_conn_rate_num pf_max_src_conn_rate_seconds - ipfw_stateless pf_logPrefix - - pf_max_src_states - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pf_max_src_nodes - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pf_source_tracking - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pf_rule_max_state - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 409 - 59 - - - 20 - 20 - - - - - pix_log_interval - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pix_logLevel - activated(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pix_disable_rule_log - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - pf_logPrefix - editingFinished() - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - ipfw_stateless - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - ipf_stateless - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 79 - - - 20 - 20 - - - - - ipf_masq_icmp - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 105 - - - 20 - 20 - - - - - ipf_logLevel - activated(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - ipf_logFacility - activated(int) - RuleOptionsDialog_q - changed() - - - 22 - 59 - - - 20 - 20 - - - - - ipf_keep_frags - toggled(bool) - RuleOptionsDialog_q - changed() - - - 22 - 131 - - - 20 - 20 - - - - - ipt_burst - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_connlimit - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_connlimit_masklen - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_limit - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_limitSuffix - activated(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_logLevel - activated(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_logPrefix - editingFinished() - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_nlgroup - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 26 - 82 - - - 20 - 20 - - - - - ipt_stateless - toggled(bool) - RuleOptionsDialog_q - changed() - - - 26 - 130 - - - 20 - 20 - - - - - ipt_hashlimit - valueChanged(QString) - RuleOptionsDialog_q - changed() - - - 50 - 119 - - - 20 - 20 - - - - - ipt_hashlimit_burst - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 295 - 119 - - - 20 - 20 - - - - - ipt_hashlimit_dstlimit - toggled(bool) - RuleOptionsDialog_q - changed() - - - 26 - 93 - - - 20 - 20 - - - - - ipt_hashlimit_suffix - activated(int) - RuleOptionsDialog_q - changed() - - - 131 - 119 - - - 20 - 20 - - - - - pf_max_src_conn - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 409 - 80 - - - 20 - 20 - - - - - pf_flush - toggled(bool) - RuleOptionsDialog_q - changed() - - - 254 - 142 - - - 20 - 20 - - - - - pf_global - toggled(bool) - RuleOptionsDialog_q - changed() - - - 316 - 142 - - - 20 - 20 - - - - - pf_overload_table - editingFinished() - RuleOptionsDialog_q - changed() - - - 115 - 142 - - - 20 - 20 - - - - - pf_max_src_conn_rate_num - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 409 - 111 - - - 20 - 20 - - - - - pf_max_src_conn_rate_seconds - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 524 - 111 - - - 20 - 20 - - - - - ipt_hashlimit_expire - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 427 - 173 - - - 20 - 20 - - - - - ipt_hashlimit_gcinterval - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 757 - 173 - - - 20 - 20 - - - - - ipt_hashlimit_max - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 254 - 173 - - - 20 - 20 - - - - - ipt_hashlimit_name - editingFinished() - RuleOptionsDialog_q - changed() - - - 214 - 82 - - - 20 - 20 - - - - - ipt_hashlimit_size - valueChanged(int) - RuleOptionsDialog_q - changed() - - - 91 - 173 - - - 20 - 20 - - - - - cb_srcip - released() - RuleOptionsDialog_q - changed() - - - 462 - 124 - - - 460 - -6 - - - - - cb_dstip - released() - RuleOptionsDialog_q - changed() - - - 513 - 123 - - - 511 - -3 - - - - - cb_srcport - released() - RuleOptionsDialog_q - changed() - - - 589 - 126 - - - 579 - -8 - - - - - cb_dstport - released() - RuleOptionsDialog_q - changed() - - - 651 - 124 - - - 642 - -6 - - - - - pf_modulate - stateChanged(int) - RuleOptionsDialog_q - changed() - - - 561 - 81 - - - 561 - 115 - - - - - pf_synproxy - stateChanged(int) - RuleOptionsDialog_q - changed() - - - 561 - 105 - - - 561 - 115 - - - - - pf_sloppy_tracker - stateChanged(int) - RuleOptionsDialog_q - changed() - - - 565 - 132 - - - 561 - 142 - - - - - ipt_assume_fw_is_part_of_any - currentIndexChanged(int) - RuleOptionsDialog_q - changed() - - - 528 - 70 - - - 561 - 150 - - - - - pf_stateless - toggled(bool) - RuleOptionsDialog_q - changed() - - - 570 - 97 - - - 567 - 162 - - - - - pf_keep_state - toggled(bool) - RuleOptionsDialog_q - changed() - - - 570 - 147 - - - 567 - 162 - - - - - pf_no_sync - toggled(bool) - RuleOptionsDialog_q - changed() - - - 570 - 127 - - - 567 - 162 - - - - - pf_pflow - toggled(bool) - RuleOptionsDialog_q - changed() - - - 570 - 153 - - - 567 - 162 - - - ipt_connlimit_above_not clicked() @@ -2963,22 +3001,6 @@ - - iosacl_add_mirror_rule - toggled(bool) - RuleOptionsDialog_q - changed() - - - 596 - 223 - - - 592 - 162 - - - changed() diff --git a/src/libgui/utils.cpp b/src/libgui/utils.cpp index fd438f2e3..6f149fb16 100644 --- a/src/libgui/utils.cpp +++ b/src/libgui/utils.cpp @@ -485,7 +485,10 @@ QPixmap LoadPixmap(const QString &path) QString calculateIconName(const QString &_icn, bool negation) { - QString icn = ":/Icons/" + _icn + "/icon"; + // if _icn has white space, use only the first word + QStringList icnl = _icn.split(" "); + + QString icn = ":/Icons/" + icnl[0] + "/icon"; if (negation) {