File indexing completed on 2025-01-05 05:07:02
0001 // SPDX-License-Identifier: GPL-2.0-or-later 0002 // SPDX-FileCopyrightText: 2020 Lucas Biaggi <lbjanuario@gmail.com> 0003 0004 #include <KConfigGroup> 0005 #include <KLocalizedString> 0006 #include <KPluginFactory> 0007 0008 #include <QDBusMetaType> 0009 #include <QDebug> 0010 #include <QDir> 0011 #include <QNetworkInterface> 0012 #include <QProcess> 0013 #include <QStandardPaths> 0014 #include <QVariantList> 0015 #include <QVariantMap> 0016 0017 #include <loglistmodel.h> 0018 #include <rulelistmodel.h> 0019 #include <systemdjob.h> 0020 0021 #include "firewalldclient.h" 0022 #include "firewalldjob.h" 0023 #include "firewalldlogmodel.h" 0024 #include "queryrulesfirewalldjob.h" 0025 0026 #include "dbustypes.h" 0027 0028 K_PLUGIN_CLASS_WITH_JSON(FirewalldClient, "firewalldbackend.json") 0029 Q_LOGGING_CATEGORY(FirewallDClientDebug, "firewalld.client") 0030 0031 FirewalldClient::FirewalldClient(QObject *parent, const QVariantList &args) 0032 : IFirewallClientBackend(parent, args) 0033 , m_rulesModel(new RuleListModel(this)) 0034 , m_logsAutoRefresh(false) 0035 { 0036 queryExecutable("firewalld"); 0037 0038 qDBusRegisterMetaType<firewalld_reply>(); 0039 qDBusRegisterMetaType<QList<firewalld_reply>>(); 0040 } 0041 0042 QString FirewalldClient::name() const 0043 { 0044 return QStringLiteral("firewalld"); 0045 } 0046 0047 void FirewalldClient::refresh() 0048 { 0049 queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::ListenProfiles); 0050 } 0051 0052 bool FirewalldClient::enabled() const 0053 { 0054 return m_currentProfile.enabled(); 0055 } 0056 0057 KJob *FirewalldClient::setEnabled(const bool value) 0058 { 0059 if (enabled() == value) { 0060 return nullptr; 0061 } 0062 0063 SystemdJob *job = new SystemdJob(static_cast<SYSTEMD::actions>(value), QStringLiteral("firewalld.service")); 0064 0065 connect(job, &KJob::result, this, [this, job, value] { 0066 if (job->error()) { 0067 qCDebug(FirewallDClientDebug) << "Job Error: " << job->error() << job->errorString(); 0068 return; 0069 } 0070 m_currentProfile.setEnabled(value); 0071 if (value) { 0072 FirewalldJob *authjob = new FirewalldJob(FirewalldJob::ALL); 0073 connect(authjob, &KJob::result, this, [this, authjob] { 0074 if (authjob->error()) { 0075 qCDebug(FirewallDClientDebug) << "Job AuthError: " << authjob->error() << authjob->errorString(); 0076 return; 0077 } 0078 queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles); 0079 }); 0080 authjob->start(); 0081 } 0082 Q_EMIT enabledChanged(value); 0083 }); 0084 0085 return job; 0086 } 0087 0088 KJob *FirewalldClient::queryStatus(FirewallClient::DefaultDataBehavior defaultsBehavior, FirewallClient::ProfilesBehavior profilesBehavior) 0089 { 0090 Q_UNUSED(defaultsBehavior); 0091 Q_UNUSED(profilesBehavior); 0092 QueryRulesFirewalldJob *job = new QueryRulesFirewalldJob(); 0093 0094 connect(job, &QueryRulesFirewalldJob::result, this, [this, job] { 0095 if (job->error()) { 0096 qCDebug(FirewallDClientDebug) << "Query rules job error: " << job->error() << job->errorString(); 0097 return; 0098 } 0099 qCDebug(FirewallDClientDebug) << job->name(); 0100 QList<Rule *> const rules = extractRulesFromResponse(job->getFirewalldreply()) + extractRulesFromResponse(job->getServices()); 0101 const QVariantMap args = {{"defaultIncomingPolicy", defaultIncomingPolicy()}, 0102 {"defaultOutgoingPolicy", defaultOutgoingPolicy()}, 0103 {"status", true}, 0104 {"ipv6Enabled", true}}; 0105 setProfile(Profile(rules, args)); 0106 }); 0107 job->start(); 0108 return job; 0109 } 0110 0111 void FirewalldClient::setLogsAutoRefresh(bool logsAutoRefresh) 0112 { 0113 if (m_logsAutoRefresh == logsAutoRefresh) { 0114 return; 0115 } 0116 0117 if (logsAutoRefresh) { 0118 connect(&m_logsRefreshTimer, &QTimer::timeout, this, &FirewalldClient::refreshLogs); 0119 m_logsRefreshTimer.setInterval(3000); 0120 m_logsRefreshTimer.start(); 0121 } else { 0122 disconnect(&m_logsRefreshTimer, &QTimer::timeout, this, &FirewalldClient::refreshLogs); 0123 m_logsRefreshTimer.stop(); 0124 } 0125 0126 m_logsAutoRefresh = logsAutoRefresh; 0127 Q_EMIT logsAutoRefreshChanged(m_logsAutoRefresh); 0128 } 0129 0130 void FirewalldClient::refreshLogs(){}; 0131 0132 RuleListModel *FirewalldClient::rules() const 0133 { 0134 return m_rulesModel; 0135 } 0136 0137 Rule *FirewalldClient::ruleAt(int index) 0138 { 0139 auto cRules = m_currentProfile.rules(); 0140 0141 if (index < 0 || index >= cRules.count()) { 0142 return nullptr; 0143 } 0144 0145 Rule *rule = cRules.at(index); 0146 return rule; 0147 } 0148 KJob *FirewalldClient::addRule(Rule *rule) 0149 { 0150 if (rule == nullptr) { 0151 qWarning() << "Invalid rule"; 0152 return nullptr; 0153 } 0154 0155 qCDebug(FirewallDClientDebug) << rule->toStr(); 0156 0157 QVariantList dbusArgs = buildRule(rule); 0158 if (rule->simplified()) { 0159 dbusArgs.push_back(QVariant(0)); 0160 } 0161 qCDebug(FirewallDClientDebug) << "sending job ... rule simplified ? " << rule->simplified(); 0162 qCDebug(FirewallDClientDebug) << "Dbus Args...." << dbusArgs; 0163 FirewalldJob *job = rule->simplified() ? new FirewalldJob("addService", dbusArgs, FirewalldJob::SIMPLIFIEDRULE) : new FirewalldJob("addRule", dbusArgs); 0164 0165 connect(job, &KJob::result, this, [this, job] { 0166 if (job->error()) { 0167 qCDebug(FirewallDClientDebug) << job->errorString() << job->error(); 0168 return; 0169 } 0170 queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles); 0171 }); 0172 0173 job->start(); 0174 return job; 0175 } 0176 0177 KJob *FirewalldClient::removeRule(int index) 0178 { 0179 QVariantList dbusArgs = buildRule(ruleAt(index)); 0180 // FirewalldJob *job = new FirewalldJob("removeRule", dbusArgs); 0181 FirewalldJob *job = ruleAt(index)->simplified() ? new FirewalldJob("removeService", dbusArgs, FirewalldJob::SIMPLIFIEDRULE) : // if true simplie interface 0182 new FirewalldJob("removeRule", dbusArgs); 0183 connect(job, &KJob::result, this, [this, job] { 0184 if (job->error()) { 0185 qCDebug(FirewallDClientDebug) << job->errorString() << job->error(); 0186 return; 0187 } 0188 refresh(); 0189 }); 0190 0191 job->start(); 0192 return job; 0193 } 0194 0195 KJob *FirewalldClient::updateRule(Rule *ruleWrapper) 0196 { 0197 /* not supported by the backend */ 0198 // TODO 0199 Q_UNUSED(ruleWrapper) 0200 return nullptr; 0201 } 0202 0203 bool FirewalldClient::supportsRuleUpdate() const 0204 { 0205 return false; 0206 } 0207 0208 KJob *FirewalldClient::moveRule(int from, int to) 0209 { 0210 QList<Rule *> cRules = m_currentProfile.rules(); 0211 if (from < 0 || from >= cRules.count()) { 0212 qWarning() << "invalid from index"; 0213 } 0214 0215 if (to < 0 || to >= cRules.count()) { 0216 qWarning() << "invalid to index"; 0217 } 0218 // Correct indices 0219 from += 1; 0220 to += 1; 0221 0222 QVariantMap args{ 0223 {"cmd", "moveRule"}, 0224 {"from", from}, 0225 {"to", to}, 0226 }; 0227 0228 return new FirewalldJob(); 0229 } 0230 0231 bool FirewalldClient::logsAutoRefresh() const 0232 { 0233 return m_logsAutoRefresh; 0234 } 0235 0236 Rule *FirewalldClient::createRuleFromConnection(const QString &protocol, const QString &localAddress, const QString &foreignAddres, const QString &status) 0237 { 0238 auto _localAddress = localAddress; 0239 _localAddress.replace("*", ""); 0240 _localAddress.replace("0.0.0.0", ""); 0241 0242 auto _foreignAddres = foreignAddres; 0243 _foreignAddres.replace("*", ""); 0244 _foreignAddres.replace("0.0.0.0", ""); 0245 0246 auto localAddressData = _localAddress.split(":"); 0247 auto foreignAddresData = _foreignAddres.split(":"); 0248 0249 auto rule = new Rule(); 0250 rule->setIncoming(status == QStringLiteral("LISTEN")); 0251 rule->setPolicy("deny"); 0252 0253 // Prepare rule draft 0254 if (status == QStringLiteral("LISTEN")) { 0255 rule->setSourceAddress(foreignAddresData[0]); 0256 rule->setSourcePort(foreignAddresData[1]); 0257 rule->setDestinationAddress(localAddressData[0]); 0258 rule->setDestinationPort(localAddressData[1]); 0259 } else { 0260 rule->setSourceAddress(localAddressData[0]); 0261 rule->setSourcePort(localAddressData[1]); 0262 rule->setDestinationAddress(foreignAddresData[0]); 0263 rule->setDestinationPort(foreignAddresData[1]); 0264 } 0265 0266 rule->setProtocol(knownProtocols().indexOf(protocol.toUpper())); 0267 return rule; 0268 } 0269 0270 Rule *FirewalldClient::createRuleFromLog(const QString &protocol, 0271 const QString &sourceAddress, 0272 const QString &sourcePort, 0273 const QString &destinationAddress, 0274 const QString &destinationPort, 0275 const QString &inn) 0276 { 0277 // Transform to the ufw notation 0278 auto rule = new Rule(); 0279 0280 auto _sourceAddress = sourceAddress; 0281 _sourceAddress.replace("*", ""); 0282 _sourceAddress.replace("0.0.0.0", ""); 0283 0284 auto _destinationAddress = destinationAddress; 0285 _destinationAddress.replace("*", ""); 0286 _destinationAddress.replace("0.0.0.0", ""); 0287 0288 // Prepare rule draft 0289 rule->setIncoming(inn.size()); 0290 rule->setPolicy("allow"); 0291 rule->setSourceAddress(_sourceAddress); 0292 rule->setSourcePort(sourcePort); 0293 0294 rule->setDestinationAddress(_destinationAddress); 0295 rule->setDestinationPort(destinationPort); 0296 0297 rule->setProtocol(knownProtocols().indexOf(protocol.toUpper())); 0298 return rule; 0299 } 0300 0301 void FirewalldClient::refreshProfiles() 0302 { 0303 } 0304 0305 bool FirewalldClient::isTcpAndUdp(int protocolIdx) 0306 { 0307 Q_UNUSED(protocolIdx); 0308 return false; 0309 } 0310 0311 QVariantList FirewalldClient::buildRule(const Rule *r) const 0312 { 0313 qCDebug(FirewallDClientDebug) << "rule simplified? -> " << r->simplified(); 0314 if (r->simplified()) { 0315 qCDebug(FirewallDClientDebug) << "rule simplified content: " << r->toStr(); 0316 if (!r->sourceApplication().isEmpty()) { 0317 return QVariantList({"", r->sourceApplication()}); 0318 } 0319 } 0320 QVariantMap args{ 0321 {"priority", 0}, 0322 {"destinationPort", r->destinationPort()}, 0323 {"sourcePort", r->sourcePort()}, 0324 {"type", QString(r->protocolSuffix(r->protocol())).replace("/", "")}, // tcp or udp 0325 {"destinationAddress", r->destinationAddress()}, 0326 {"sourceAddress", r->sourceAddress()}, 0327 {"interface_in", r->interfaceIn()}, 0328 {"interface_out", r->interfaceOut()}, 0329 {"table", "filter"}, 0330 }; 0331 0332 args.insert("chain", r->incoming() ? "INPUT" : "OUTPUT"); 0333 0334 switch (r->action()) { 0335 case Types::POLICY_ALLOW: 0336 args.insert("action", "ACCEPT"); 0337 break; 0338 case Types::POLICY_REJECT: 0339 args.insert("action", "REJECT"); 0340 break; 0341 default: 0342 args.insert("action", "DROP"); 0343 } 0344 0345 QStringList firewalld_direct_rule = {"-j", args.value("action").toString()}; 0346 0347 auto value = args.value("type").toString(); 0348 if (!value.isEmpty()) { 0349 firewalld_direct_rule << "-p" << value.toLower(); 0350 } 0351 0352 value = args.value("destinationAddress").toString(); 0353 if (!value.isEmpty()) { 0354 firewalld_direct_rule << "-d" << value; 0355 } 0356 0357 value = args.value("destinationPort").toString(); 0358 if (!value.isEmpty()) { 0359 firewalld_direct_rule << "--dport=" + value; 0360 } 0361 0362 value = args.value("sourceAddress").toString(); 0363 if (!value.isEmpty()) { 0364 firewalld_direct_rule << "-s" << value; 0365 } 0366 0367 value = args.value("sourcePort").toString(); 0368 if (!value.isEmpty()) { 0369 firewalld_direct_rule << "--sport=" + value; 0370 } 0371 0372 value = args.value(args.value("chain") == "INPUT" ? "interface_in" : "interface_out").toString(); 0373 if (!value.isEmpty() && !value.isNull()) { 0374 firewalld_direct_rule << "-i" << value; 0375 } 0376 0377 QString ipvf = r->ipv6() == true ? "ipv6" : "ipv4"; 0378 qCDebug(FirewallDClientDebug) << firewalld_direct_rule; 0379 return QVariantList({ipvf, args.value("table"), args.value("chain"), args.value("priority"), firewalld_direct_rule}); 0380 } 0381 0382 QString FirewalldClient::defaultIncomingPolicy() const 0383 { 0384 auto policy_t = m_currentProfile.defaultIncomingPolicy(); 0385 return Types::toString(policy_t); 0386 }; 0387 0388 QString FirewalldClient::defaultOutgoingPolicy() const 0389 { 0390 auto policy_t = m_currentProfile.defaultOutgoingPolicy(); 0391 return Types::toString(policy_t); 0392 }; 0393 0394 KJob *FirewalldClient::setDefaultIncomingPolicy(QString defaultIncomingPolicy) 0395 { 0396 FirewalldJob *job = new FirewalldJob(); 0397 connect(job, &KJob::result, this, [this, job, defaultIncomingPolicy] { 0398 if (job->error()) { 0399 qCDebug(FirewallDClientDebug) << job->errorString() << job->error(); 0400 return; 0401 } 0402 m_currentProfile.setDefaultIncomingPolicy(defaultIncomingPolicy); 0403 }); 0404 0405 job->start(); 0406 return job; 0407 }; 0408 0409 KJob *FirewalldClient::setDefaultOutgoingPolicy(QString defaultOutgoingPolicy) 0410 { 0411 FirewalldJob *job = new FirewalldJob(); 0412 connect(job, &KJob::result, this, [this, job, defaultOutgoingPolicy] { 0413 if (job->error()) { 0414 qCDebug(FirewallDClientDebug) << job->errorString() << job->error(); 0415 return; 0416 } 0417 m_currentProfile.setDefaultOutgoingPolicy(defaultOutgoingPolicy); 0418 }); 0419 0420 job->start(); 0421 return job; 0422 }; 0423 0424 KJob *FirewalldClient::save() 0425 { 0426 FirewalldJob *job = new FirewalldJob(FirewalldJob::SAVEFIREWALLD); 0427 0428 connect(job, &KJob::result, this, [this, job] { 0429 if (job->error()) { 0430 qCDebug(FirewallDClientDebug) << job->name() << job->errorString() << job->error(); 0431 return; 0432 } 0433 queryStatus(FirewallClient::DefaultDataBehavior::ReadDefaults, FirewallClient::ProfilesBehavior::DontListenProfiles); 0434 }); 0435 job->start(); 0436 return job; 0437 }; 0438 0439 LogListModel *FirewalldClient::logs() 0440 { 0441 if (!m_logs) { 0442 m_logs = new FirewalldLogModel(this); 0443 } 0444 return m_logs; 0445 } 0446 0447 QList<Rule *> FirewalldClient::extractRulesFromResponse(const QStringList &reply) const 0448 { 0449 QList<Rule *> simple_rules; 0450 if (reply.size() <= 0) { 0451 return {}; 0452 } 0453 for (auto r : reply) { 0454 // ipv4 0455 simple_rules.push_back(new Rule(Types::POLICY_ALLOW, 0456 true, 0457 Types::LOGGING_OFF, 0458 -1, // TODO retrieve protocol service from firewalld 0459 "0.0.0.0", // passthrough any connection 0460 "0", // TODO retrieve port service from firewalld 0461 "0.0.0.0", 0462 "0", 0463 "", 0464 "", 0465 r, // service name 0466 r, // service name 0467 0, // ignore position 0468 false // ipv family type not relevant to firewalld zone "simple" interface 0469 )); 0470 // ipv6 0471 simple_rules.push_back(new Rule(Types::POLICY_ALLOW, 0472 true, 0473 Types::LOGGING_OFF, 0474 -1, // TODO retrieve protocol service from firewalld 0475 "::", // passthrough any connection 0476 "0", // TODO retrieve port service from firewalld 0477 "::", 0478 "0", 0479 "", 0480 "", 0481 r, // service name 0482 r, // service name 0483 0, // ignore position 0484 false // ipv family type not relevant to firewalld zone "simple" interface 0485 )); 0486 } 0487 return simple_rules; 0488 } 0489 0490 QList<Rule *> FirewalldClient::extractRulesFromResponse(const QList<firewalld_reply> &reply) const 0491 { 0492 QList<Rule *> message_rules; 0493 if (reply.size() <= 0) { 0494 return {}; 0495 } 0496 0497 int i = 0; 0498 for (auto r : reply) { 0499 const auto action = r.rules.at(r.rules.indexOf("-j") + 1) == "ACCEPT" ? Types::POLICY_ALLOW 0500 : r.rules.at(r.rules.indexOf("-j") + 1) == "REJECT" ? Types::POLICY_REJECT 0501 : Types::POLICY_DENY; 0502 0503 const auto sourceAddress = r.rules.indexOf("-s") > 0 ? r.rules.at(r.rules.indexOf("-s") + 1) : ""; 0504 const auto destinationAddress = r.rules.indexOf("-d") >= 0 ? r.rules.at(r.rules.indexOf("-d") + 1) : ""; 0505 const auto interface_in = r.rules.indexOf("-i") >= 0 ? r.rules.at(r.rules.indexOf("-i") + 1) : ""; 0506 const auto interface_out = r.rules.indexOf("-i") >= 0 ? r.rules.at(r.rules.indexOf("-i") + 1) : ""; 0507 0508 if (r.rules.indexOf("-p") < 0) { 0509 qWarning() << "Error forming rule"; 0510 } 0511 0512 const QString protocolName = r.rules.at(r.rules.indexOf("-p") + 1); 0513 const int protocolIdx = FirewallClient::knownProtocols().indexOf(protocolName.toUpper()); 0514 0515 const int sourcePortIdx = r.rules.indexOf(QRegularExpression("^" + QRegularExpression::escape("--sport") + ".+")); 0516 const auto sourcePort = sourcePortIdx != -1 ? r.rules.at(sourcePortIdx).section("=", -1) : QStringLiteral(""); 0517 const int destPortIdx = r.rules.indexOf(QRegularExpression("^" + QRegularExpression::escape("--dport") + ".+")); 0518 const auto destPort = destPortIdx != -1 ? r.rules.at(destPortIdx).section("=", -1) : QStringLiteral(""); 0519 0520 message_rules.push_back(new Rule(action, 0521 r.chain == "INPUT", 0522 Types::LOGGING_OFF, 0523 protocolIdx, 0524 sourceAddress, 0525 sourcePort, 0526 destinationAddress, 0527 destPort, 0528 r.chain == "INPUT" ? interface_in : "", 0529 r.chain == "OUTPUT" ? interface_out : "", 0530 "", 0531 "", 0532 i, 0533 r.ipv == "ipv6", 0534 false)); 0535 i += 1; 0536 } 0537 0538 return message_rules; 0539 } 0540 0541 void FirewalldClient::setProfile(Profile profile) 0542 { 0543 auto oldProfile = m_currentProfile; 0544 m_currentProfile = profile; 0545 m_rulesModel->setProfile(m_currentProfile); 0546 qCDebug(FirewallDClientDebug) << "Profile incoming policy: " << m_currentProfile.defaultIncomingPolicy() 0547 << "Old profile policy: " << oldProfile.defaultIncomingPolicy(); 0548 if (m_currentProfile.enabled() != oldProfile.enabled()) { 0549 getDefaultIncomingPolicyFromDbus(); 0550 Q_EMIT enabledChanged(m_currentProfile.enabled()); 0551 } 0552 0553 if (enabled()) { 0554 if (m_currentProfile.defaultIncomingPolicy() != oldProfile.defaultIncomingPolicy()) { 0555 const QString policy = Types::toString(m_currentProfile.defaultIncomingPolicy()); 0556 Q_EMIT defaultIncomingPolicyChanged(policy); 0557 } 0558 if (m_currentProfile.defaultOutgoingPolicy() != oldProfile.defaultOutgoingPolicy()) { 0559 const QString policy = Types::toString(m_currentProfile.defaultOutgoingPolicy()); 0560 Q_EMIT defaultOutgoingPolicyChanged(policy); 0561 } 0562 queryKnownApplications(); 0563 } 0564 } 0565 0566 FirewallClient::Capabilities FirewalldClient::capabilities() const 0567 { 0568 return FirewallClient::SaveCapability; 0569 }; 0570 0571 QStringList FirewalldClient::knownProtocols() 0572 { 0573 return {"TCP", "UDP"}; 0574 } 0575 0576 bool FirewalldClient::isCurrentlyLoaded() const 0577 { 0578 QProcess process; 0579 const QString pname = "systemctl"; 0580 const QStringList args = {"status", "firewalld"}; 0581 0582 process.start(pname, args); 0583 process.waitForFinished(); 0584 0585 // systemctl returns 0 for status if the app is loaded, and 3 otherwise. 0586 qCDebug(FirewallDClientDebug) << "Firewalld is loaded?" << process.exitCode(); 0587 0588 return process.exitCode() == EXIT_SUCCESS; 0589 } 0590 0591 QString FirewalldClient::version() const 0592 { 0593 QProcess process; 0594 QStringList args = {"--version"}; 0595 0596 process.start("firewall-cmd", args); 0597 process.waitForFinished(); 0598 0599 if (process.exitCode() != EXIT_SUCCESS) { 0600 return i18n("Error fetching information from the firewall."); 0601 } 0602 0603 return process.readAllStandardOutput(); 0604 } 0605 0606 QStringList FirewalldClient::knownApplications() 0607 { 0608 return m_knownApplications; 0609 } 0610 0611 void FirewalldClient::queryKnownApplications() 0612 { 0613 FirewalldJob *job = new FirewalldJob(FirewalldJob::LISTSERVICES); 0614 0615 connect(job, &KJob::result, this, [this, job] { 0616 if (job->error()) { 0617 qCDebug(FirewallDClientDebug) << job->name() << job->errorString() << job->error(); 0618 return; 0619 } 0620 m_knownApplications = job->getServices(); 0621 }); 0622 job->start(); 0623 } 0624 void FirewalldClient::getDefaultIncomingPolicyFromDbus() 0625 { 0626 FirewalldJob *job = new FirewalldJob("getZoneSettings2", {""}, FirewalldJob::SIMPLELIST); 0627 connect(job, &KJob::result, this, [this, job] { 0628 if (job->error()) { 0629 qCDebug(FirewallDClientDebug) << job->name() << job->errorString() << job->error(); 0630 return; 0631 } 0632 QString policy = job->getDefaultIncomingPolicy(); 0633 qCDebug(FirewallDClientDebug) << "Incoming Policy (firewalld definition): " << policy; 0634 if (policy == "default" || policy == "reject") { 0635 qCDebug(FirewallDClientDebug) << "Setting incoming Policy: rejected"; 0636 m_currentProfile.setDefaultIncomingPolicy("reject"); 0637 } else if (policy == "allow") { 0638 qCDebug(FirewallDClientDebug) << "Setting incoming Policy: allowed"; 0639 m_currentProfile.setDefaultIncomingPolicy("allow"); 0640 } else { 0641 qCDebug(FirewallDClientDebug) << "Setting incoming Policy: denied"; 0642 m_currentProfile.setDefaultIncomingPolicy("deny"); 0643 } 0644 }); 0645 job->exec(); 0646 } 0647 0648 #include "firewalldclient.moc"