📄 policyview.c
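/* NOTE(review): the statements down to the first closing brace at column 0
 * are the tail of a rule-creation function whose beginning lies outside this
 * excerpt (presumably policyview_create_rule, going by the callers below).
 * They are reproduced unchanged. Two points to confirm against the full
 * function: the rule fields are joined with ", " and no escaping or
 * validation is visible here, and the g_strconcat() result in `data` is not
 * freed in the visible part. */
		view = out_allow_to;
		path = POLICY_OUT_ALLOW_TO;
	} else if (type == RULETYPE_OUTBOUND_ALLOW_SERVICE) {
		data = g_strconcat (h->service, ", ", h->port, ", everyone", ", ", NULL);
		view = out_allow_service;
		path = POLICY_OUT_ALLOW_SERVICE;
	} else if (type == RULETYPE_OUTBOUND_ALLOW_SERVICE_FROM) {
		data = g_strconcat (h->service, ", ", h->port, ", ", h->source, ", ", NULL);
		view = out_allow_service;
		path = POLICY_OUT_ALLOW_SERVICE;
	}

	if (data) {
		append_to_file (path, data, TRUE);
		clear_ruleview (view);
		reload_view (GTK_TREE_VIEW (view), path);
		restart_firewall_if_active ();
		menus_policy_apply_enabled (FALSE);
	}
}

/* [ install_default_service_rule ]
 * Create one outbound "allow service" rule for the given service name and
 * port specification. The temporary Hit is owned and released here.
 */
static void
install_default_service_rule (const gchar *service, const gchar *port)
{
	Hit *h;

	h = g_new0 (Hit, 1);
	h->service = g_strdup (service);
	h->port = g_strdup (port);
	policyview_create_rule (RULETYPE_OUTBOUND_ALLOW_SERVICE, h);
	free_hit (h);
}

/* [ policyview_install_default_ruleset ]
 * Set some sane outbound defaults so the user doesn't lock themselves out.
 *
 * The defaults are DNS (53), HTTP (80) and DHCP (67-68), created in that
 * order as RULETYPE_OUTBOUND_ALLOW_SERVICE rules, which the rule writer
 * records with the "everyone" source. HTTPS (443) is not part of this list.
 * Every rule goes through policyview_create_rule, so the rule file is
 * appended to and restart_firewall_if_active is called once per rule.
 */
void
policyview_install_default_ruleset (void)
{
	static const struct {
		const gchar *service;
		const gchar *port;
	} defaults[] = {
		{ "DNS",  "53"    },
		{ "HTTP", "80"    },
		{ "DHCP", "67-68" },
	};
	gsize i;

	for (i = 0; i < G_N_ELEMENTS (defaults); i++)
		install_default_service_rule (defaults[i].service, defaults[i].port);
}

/* [ setup_rule_view ]
 * Build a list view for one rule file, fill it from that file and wire up
 * its dialog, context menu and edit handlers.
 *
 * def:    column definitions handed to gui_create_list_view
 * path:   rule file backing the view; the pointer is stored as object data
 *         without being copied, so it must outlive the view (the callers in
 *         this file pass POLICY_* constants)
 * dialog: the "add rule" dialog associated with this view
 * menu:   context menu passed as user data to the button/selection callbacks
 *
 * Returns the new view widget.
 */
static GtkWidget *
setup_rule_view (View_def *def, gchar *path, GtkWidget *dialog, GtkWidget *menu)
{
	GtkWidget *view;

	view = gui_create_list_view (def, -1, RULEVIEW_HEIGHT);
	reload_view (GTK_TREE_VIEW (view), path);

	/* Later lookups find the dialog and the rule file through these keys */
	g_object_set_data (G_OBJECT (view), "dialog", dialog);
	g_object_set_data (G_OBJECT (view), "rule_file", path);

	g_signal_connect (G_OBJECT (view), "button_press_event",
	                  G_CALLBACK (ruleview_button_cb), menu);
	g_signal_connect (G_OBJECT (view), "cursor-changed",
	                  G_CALLBACK (ruleview_selection_cb), menu);
	g_signal_connect (G_OBJECT (view), "row-activated",
	                  G_CALLBACK (policyview_edit_rule), NULL);

	return view;
}

/* [ poicyview_update_nat_widgets ]
 * Make the three views in_forward, out_allow_from and out_deny_from
 * sensitive only while the PREFS_FW_NAT preference is enabled.
 * (The spelling of the function name is kept: it is part of the interface.)
 */
void
poicyview_update_nat_widgets (void)
{
	gboolean nat_enabled;

	nat_enabled = preferences_get_bool (PREFS_FW_NAT);

	gtk_widget_set_sensitive (in_forward, nat_enabled);
	gtk_widget_set_sensitive (out_allow_from, nat_enabled);
	gtk_widget_set_sensitive (out_deny_from, nat_enabled);
}

/* [ create_inboundpolicy_page ]
 * Build the inbound policy page: three stacked rule views (allowed hosts,
 * allowed services, forwarded services), each with its own "add rule"
 * dialog. The views are kept in the file-level in_allow_from,
 * in_allow_service and in_forward variables.
 *
 * Returns the box holding the page, already shown.
 */
static GtkWidget *
create_inboundpolicy_page (void)
{
	GtkWidget *inbound_box;
	GtkWidget *scrolledwin;
	GtkWidget *menu;
	GtkWidget *dialog;

	/* Definitions of the views */
	View_def in_allow_from_def = {2, {
			{_("Allow connections from host"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def in_allow_service_def = {4, {
			{_("Allow service"), G_TYPE_STRING, TRUE},
			{_("Port"), G_TYPE_STRING, TRUE},
			{_("For"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def in_forward_def = {5, {
			{_("Forward service"), G_TYPE_STRING, TRUE},
			{_("Firewall Port"), G_TYPE_STRING, TRUE},
			{_("To"), G_TYPE_STRING, TRUE},
			{_("Port"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	menu = menus_get_policy_context_menu ();

	inbound_box = gtk_vbox_new (FALSE, 0);

	/* Hosts allowed to connect */
	dialog = create_dialog (_("Add new inbound rule"),
	                        RULE_HOST_SELECTOR, _("Allow connections from"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	in_allow_from = setup_rule_view (&in_allow_from_def, POLICY_IN_ALLOW_FROM, dialog, menu);
	scrolledwin = embed_in_scrolled_window (in_allow_from);
	gtk_box_pack_start (GTK_BOX (inbound_box), scrolledwin, TRUE, TRUE, 0);

	/* Services allowed in, optionally limited by source */
	dialog = create_dialog (_("Add new inbound rule"),
	                        RULE_SERVICE_SELECTOR, _("Allow service"),
	                        RULE_TARGET_SELECTOR, _("When the source is"), TARGET_ANYONE | TARGET_LAN | TARGET_HOST,
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	in_allow_service = setup_rule_view (&in_allow_service_def, POLICY_IN_ALLOW_SERVICE, dialog, menu);
	scrolledwin = embed_in_scrolled_window (in_allow_service);
	gtk_box_pack_start (GTK_BOX (inbound_box), scrolledwin, TRUE, TRUE, 0);

	/* Services forwarded from the firewall to an internal host */
	dialog = create_dialog (_("Add new inbound rule"),
	                        RULE_SERVICE_SELECTOR, _("Forward service from firewall"),
	                        RULE_FORWARD_SELECTOR, _("To internal host"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	in_forward = setup_rule_view (&in_forward_def, POLICY_IN_FORWARD, dialog, menu);
	scrolledwin = embed_in_scrolled_window (in_forward);
	gtk_box_pack_start (GTK_BOX (inbound_box), scrolledwin, TRUE, TRUE, 0);

	gtk_widget_show_all (inbound_box);

	return inbound_box;
}

/* [ create_outboundpolicy_page ]
 * Build the outbound policy page: two radio buttons selecting the permissive
 * (blacklist) or restrictive (whitelist) mode, and one box of three rule
 * views per mode. The box of the mode that is not selected in the
 * PREFS_FW_RESTRICTIVE_OUTBOUND_MODE preference is hidden.
 *
 * Returns the box holding the page.
 */
static GtkWidget *
create_outboundpolicy_page (void)
{
	GtkWidget *outbound_box, *permissive_box, *restrictive_box;
	GtkWidget *scrolledwin;
	GtkWidget *label;
	GtkWidget *button;
	GtkWidget *menu;
	GtkWidget *dialog;
	gchar *markup;

	View_def out_deny_to_def = {2, {
			{_("Deny connections to host"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def out_deny_from_def = {2, {
			{_("Deny connections from LAN host"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def out_deny_service_def = {4, {
			{_("Deny service"), G_TYPE_STRING, TRUE},
			{_("Port"), G_TYPE_STRING, TRUE},
			{_("For"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def out_allow_to_def = {2, {
			{_("Allow connections to host"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def out_allow_from_def = {2, {
			{_("Allow connections from LAN host"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	View_def out_allow_service_def = {4, {
			{_("Allow service"), G_TYPE_STRING, TRUE},
			{_("Port"), G_TYPE_STRING, TRUE},
			{_("For"), G_TYPE_STRING, TRUE},
			{_("Comment"), G_TYPE_STRING, FALSE},
		}
	};

	menu = menus_get_policy_context_menu ();

	/* g_strconcat returns a newly allocated string and the label keeps its
	 * own copy, so the temporary has to be freed here.
	 * NOTE(review): this label is not packed into any container in this
	 * function. */
	label = gtk_label_new (NULL);
	markup = g_strconcat ("<b>", _("_Outbound traffic"), "</b>", NULL);
	gtk_label_set_markup (GTK_LABEL (label), markup);
	g_free (markup);

	outbound_box = gtk_vbox_new (FALSE, 0);
	permissive_box = gtk_vbox_new (FALSE, 0);
	restrictive_box = gtk_vbox_new (FALSE, 0);

	button = gtk_radio_button_new_with_label (NULL,
		_("Permissive by default, blacklist traffic"));
	gtk_box_pack_start (GTK_BOX (outbound_box), button, FALSE, FALSE, 2);
	g_signal_connect (G_OBJECT (button), "toggled",
	                  G_CALLBACK (widget_visibility_sync_toggle), permissive_box);

	button = gtk_radio_button_new_with_label_from_widget (GTK_RADIO_BUTTON (button),
		_("Restrictive by default, whitelist traffic"));
	/* Load default outbound mode policy. This happens before the handlers
	 * below are connected to this button, so they do not run for the
	 * initial state. */
	gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (button),
	                              preferences_get_bool (PREFS_FW_RESTRICTIVE_OUTBOUND_MODE));
	gtk_box_pack_start (GTK_BOX (outbound_box), button, FALSE, FALSE, 2);
	g_signal_connect (G_OBJECT (button), "toggled",
	                  G_CALLBACK (widget_visibility_sync_toggle), restrictive_box);
	g_signal_connect (G_OBJECT (button), "toggled",
	                  G_CALLBACK (set_outbound_mode), NULL);

/* Out: Permissive */
	gtk_box_pack_start (GTK_BOX (outbound_box), permissive_box, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_HOST_SELECTOR, _("Deny connections to"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_deny_to = setup_rule_view (&out_deny_to_def, POLICY_OUT_DENY_TO, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_deny_to);
	gtk_box_pack_start (GTK_BOX (permissive_box), scrolledwin, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_HOST_SELECTOR, _("Deny connections from"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_deny_from = setup_rule_view (&out_deny_from_def, POLICY_OUT_DENY_FROM, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_deny_from);
	gtk_box_pack_start (GTK_BOX (permissive_box), scrolledwin, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_SERVICE_SELECTOR, _("Deny service"),
	                        RULE_TARGET_SELECTOR, _("When the source is"), TARGET_ALL,
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_deny_service = setup_rule_view (&out_deny_service_def, POLICY_OUT_DENY_SERVICE, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_deny_service);
	gtk_box_pack_start (GTK_BOX (permissive_box), scrolledwin, TRUE, TRUE, 0);

/* Out: Restrictive */
	gtk_box_pack_start (GTK_BOX (outbound_box), restrictive_box, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_HOST_SELECTOR, _("Allow connections to"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_allow_to = setup_rule_view (&out_allow_to_def, POLICY_OUT_ALLOW_TO, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_allow_to);
	gtk_box_pack_start (GTK_BOX (restrictive_box), scrolledwin, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_HOST_SELECTOR, _("Allow connections from"),
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_allow_from = setup_rule_view (&out_allow_from_def, POLICY_OUT_ALLOW_FROM, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_allow_from);
	gtk_box_pack_start (GTK_BOX (restrictive_box), scrolledwin, TRUE, TRUE, 0);

	dialog = create_dialog (_("Add new outbound rule"),
	                        RULE_SERVICE_SELECTOR, _("Allow service"),
	                        RULE_TARGET_SELECTOR, _("When the source is"), TARGET_ALL,
	                        RULE_COMMENT, _("Comment"),
	                        -1);
	out_allow_service = setup_rule_view (&out_allow_service_def, POLICY_OUT_ALLOW_SERVICE, dialog, menu);
	scrolledwin = embed_in_scrolled_window (out_allow_service);
	gtk_box_pack_start (GTK_BOX (restrictive_box), scrolledwin, TRUE, TRUE, 0);

	/* Hide the box of the mode that is not active. Its children are shown
	 * first and the box is then excluded from show_all, so a later
	 * gtk_widget_show_all on a parent does not reveal it. */
	if (preferences_get_bool (PREFS_FW_RESTRICTIVE_OUTBOUND_MODE)) {
		gtk_widget_show_all (permissive_box);
		gtk_widget_set_no_show_all (permissive_box, TRUE);
		gtk_widget_hide (permissive_box);
	} else {
		gtk_widget_show_all (restrictive_box);
		gtk_widget_set_no_show_all (restrictive_box, TRUE);
		gtk_widget_hide (restrictive_box);
	}

	return outbound_box;
}

/* [ switch_policy_group ]
 * "changed" handler of the policy group combo box: show the inbound or the
 * outbound page according to the selected row, then disable the edit,
 * remove and add menu entries.
 */
static void
switch_policy_group (GtkComboBox *combo)
{
	GtkTreeIter iter;
	GtkTreeModel *model;
	gint policy_group;

	/* gtk_combo_box_get_active_iter leaves iter unset when no row is
	 * active; reading the model through it would then use an
	 * uninitialized iterator, so the switch is skipped in that case. */
	if (gtk_combo_box_get_active_iter (combo, &iter)) {
		model = gtk_combo_box_get_model (combo);
		gtk_tree_model_get (model, &iter, 0, &policy_group, -1);

		if (policy_group == POLICY_GROUP_INBOUND) {
			gtk_widget_hide (outbound_group);
			gtk_widget_show (inbound_group);
		} else if (policy_group == POLICY_GROUP_OUTBOUND) {
			gtk_widget_hide (inbound_group);
			gtk_widget_show (outbound_group);
		}
	}

	menus_policy_edit_enabled (FALSE);
	menus_policy_remove_enabled (FALSE);
	menus_policy_add_enabled (FALSE);
}

/* [ create_policyview_page ]
 * Build the complete policy page: a header row with an "Editing" label and
 * a combo box choosing between the inbound and the outbound policy,
 * followed by both policy pages. The inbound page is the one selected
 * initially; the outbound page starts hidden.
 *
 * Returns the top-level box of the page, already shown.
 */
GtkWidget *
create_policyview_page (void)
{
	GtkWidget *policypage;
	GtkWidget *hbox;
	GtkWidget *combo;
	GtkWidget *label;
	GtkCellRenderer *renderer;
	GtkTreeModel *model;
	GtkTreeIter iter;
	gchar *markup;

	policypage = gtk_vbox_new (FALSE, 0);

	/* Column 0: policy group id, column 1: text shown in the combo box */
	model = (GtkTreeModel *)gtk_list_store_new (2, G_TYPE_INT, G_TYPE_STRING);
	gtk_list_store_append (GTK_LIST_STORE (model), &iter);
	gtk_list_store_set (GTK_LIST_STORE (model), &iter,
	                    0, POLICY_GROUP_INBOUND,
	                    1, _("Inbound traffic policy"),
	                    -1);
	gtk_list_store_append (GTK_LIST_STORE (model), &iter);
	gtk_list_store_set (GTK_LIST_STORE (model), &iter,
	                    0, POLICY_GROUP_OUTBOUND,
	                    1, _("Outbound traffic policy"),
	                    -1);

	hbox = gtk_hbox_new (FALSE, 0);
	gtk_box_pack_start (GTK_BOX (policypage), hbox, FALSE, FALSE, 7);

	/* The label copies the markup; free the concatenated temporary */
	label = gtk_label_new (NULL);
	markup = g_strconcat ("<span weight=\"bold\">", _("Editing"), "</span>", NULL);
	gtk_label_set_markup (GTK_LABEL (label), markup);
	g_free (markup);
	gtk_box_pack_start (GTK_BOX (hbox), label, FALSE, FALSE, GNOME_PAD_SMALL);

	combo = gtk_combo_box_new_with_model (model);
	/* The combo box holds its own reference to the model; drop the one
	 * returned by gtk_list_store_new so the store is released together
	 * with the combo box. */
	g_object_unref (model);
	gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 0);

	renderer = gtk_cell_renderer_text_new ();
	gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (combo), renderer, FALSE);
	gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (combo), renderer, "text", 1, NULL);

	/* Connected after the initial selection above, so the handler does not
	 * run before the two pages exist. */
	g_signal_connect (combo, "changed",
	                  G_CALLBACK (switch_policy_group), NULL);
	gtk_box_pack_start (GTK_BOX (hbox), combo, FALSE, FALSE, 0);

	inbound_group = create_inboundpolicy_page ();
	gtk_box_pack_start (GTK_BOX (policypage), inbound_group, TRUE, TRUE, 0);

	/* Show the outbound page's children, then keep the page itself out of
	 * the final show_all so it stays hidden until selected. */
	outbound_group = create_outboundpolicy_page ();
	gtk_widget_show_all (outbound_group);
	gtk_widget_set_no_show_all (outbound_group, TRUE);
	gtk_widget_hide (outbound_group);
	gtk_box_pack_start (GTK_BOX (policypage), outbound_group, TRUE, TRUE, 0);

	/* Disable the buttons by default */
	menus_policy_edit_enabled (FALSE);
	menus_policy_remove_enabled (FALSE);
	menus_policy_add_enabled (FALSE);
	menus_policy_apply_enabled (FALSE);

	poicyview_update_nat_widgets ();

	gtk_widget_show_all (policypage);

	return policypage;
}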