path: root/qmenu/qmenu_vm/fqvm_firewall
blob: 357ff28f296609af9bf55afecc8a8c9b63978838 (plain)
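# Interactive firewall-rule editor for the qube named in "$qube".
# Each pass shows the output of `qvm-firewall "$qube" list` in a menu. Picking
# a rule row offers to remove that rule or to add a new rule above it; picking
# the header row (first field "NO") adds a rule without --before. The loop
# ends when the menu returns no selection.
# NOTE(review): $qube, nyprompt and dmenu-unlinked are not defined in this
# file; presumably the script that sources it provides them -- confirm.

# Separator used in ruleargv: exactly one qvm-firewall argument per line.
nl='
'

rulenumber=1

while [ -n "$rulenumber" ]; do

	rulenumber=$(qvm-firewall "$qube" list | dmenu-unlinked -l 50 -p "$qube:" | cut -d ' ' -f1)

	# Act only on a single selected row; zero words means the menu was
	# dismissed, more than one means several rows came back.
	if [ "$(printf '%s\n' "$rulenumber" | wc -w)" -eq 1 ]; then

		# This will equal "NO" if the user selects the top row,
		# instead of any existing rule.
		if [ "$rulenumber" != NO ]; then

			# The rule number is passed as data, never as part of the
			# printf format string.
			option=$(printf 'Add new rule above rule %s\nRemove rule %s' "$rulenumber" "$rulenumber" | dmenu-unlinked -i -l 2 -p "$qube:" | cut -d ' ' -f1)
		else
			option=Add
		fi

		if [ "$option" = Remove ]; then

			nyprompt "Remove rule $rulenumber?" &&

				qvm-firewall "$qube" del --rule-no "$rulenumber"

		elif [ "$option" = Add ]; then

			# Start from a clean slate so nothing from a previous pass
			# leaks into the new rule.
			unset RULEARGS ruleargv

			action=$(printf 'Accept\nDrop' | dmenu-unlinked -i -l 2 -p "Select action for the new firewall rule:" | awk '{print tolower($0)}')

			if [ -n "$action" ]; then

				# Prompt the user to escape matches they want to leave empty. Leaving a match empty by pressing <Return> will prevent the rule from being created.
				echo Continue... | dmenu-unlinked -p 'You will now be prompted to select the matches for the new rule. Please skip matches that you want to leave empty by escaping with <Escape> or <C-c>.' > /dev/null 2>&1

				# RULEARGS is the human-readable summary shown in the prompts.
				# ruleargv carries the same matches one per line, so that a
				# value containing a space or a glob character reaches
				# qvm-firewall as a single argument.
				RULEARGS="$action"
				ruleargv="$action"

				# Each match is recorded only when its prompt exits
				# successfully; an escaped prompt leaves the match out.
				specialtarget=$(: | dmenu-unlinked -p "ACTION=$RULEARGS <specialtarget>") && {
					RULEARGS="$RULEARGS SPECIALTARGET=$specialtarget"
					ruleargv="$ruleargv${nl}specialtarget=$specialtarget"
				}

				dsthost=$(: | dmenu-unlinked -p "ACTION=$RULEARGS <dsthost>") && {
					RULEARGS="$RULEARGS DSTHOST=$dsthost"
					ruleargv="$ruleargv${nl}dsthost=$dsthost"
				}

				proto=$(printf 'tcp\nudp\nicmp' | dmenu-unlinked -l 3 -p "ACTION=$RULEARGS <proto>") && {
					RULEARGS="$RULEARGS PROTO=$proto"
					ruleargv="$ruleargv${nl}proto=$proto"
				}

				# Ports apply to tcp/udp only, ICMP types to icmp only.
				if [ "$proto" = tcp ] || [ "$proto" = udp ]; then

					dstports=$(: | dmenu-unlinked -p "ACTION=$RULEARGS <dstports>") && {
						RULEARGS="$RULEARGS DSTPORTS=$dstports"
						ruleargv="$ruleargv${nl}dstports=$dstports"
					}

				elif [ "$proto" = icmp ]; then

					icmptype=$(: | dmenu-unlinked -p "ACTION=$RULEARGS <icmptype>") && {
						RULEARGS="$RULEARGS ICMPTYPE=$icmptype"
						ruleargv="$ruleargv${nl}icmptype=$icmptype"
					}
				fi

				comment=$(: | dmenu-unlinked -p "ACTION=$RULEARGS <comment>") && {
					RULEARGS="$RULEARGS COMMENT=$comment"
					ruleargv="$ruleargv${nl}comment=$comment"
				}

				if nyprompt "Add the following rule to $qube? {{ ACTION=$RULEARGS }}"; then

					# Kept for anything that reads RULEARGS afterwards: the
					# summary is lowercased once the rule has been confirmed.
					RULEARGS=$(printf '%s\n' "$RULEARGS" | awk '{print tolower($0)}')

					# The subshell keeps noglob, IFS and the positional
					# parameters away from the surrounding script. Splitting
					# on newlines only, with globbing off, means free-text
					# input cannot turn into extra or altered rule arguments.
					if ! (
						set -f
						IFS=$nl
						# Deliberately unquoted: split into one argument per line.
						# shellcheck disable=SC2046
						set -- $(printf '%s\n' "$ruleargv" | awk '{print tolower($0)}')
						[ "$rulenumber" != NO ] && set -- --before "$rulenumber" "$@"
						qvm-firewall "$qube" add "$@"
					); then

						# Double quotes outside, so the quoted command name
						# stays inside one prompt argument.
						echo Go back... | dmenu-unlinked -p "Error: Failed to add firewall rule! See 'qvm-firewall --help' for more information." > /dev/null 2>&1
					fi
				fi
			fi
		fi
	fi
done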