Switchboard Security & Privacy Plug

Merge lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:~elementary-apps/switchboard-plug-security-privacy/trunk

firewalld
Merge into trunk

Proposed by Corentin Noël on 2016-12-31

Status:

Needs review

Proposed branch:

lp:~tintou/switchboard-plug-security-privacy/firewalld

Merge into:

lp:~elementary-apps/switchboard-plug-security-privacy/trunk

Diff against target:

805 lines (+199/-491)

8 files modified

CMakeLists.txt (+0/-4)
data/org.pantheon.security-privacy.policy.cmake (+0/-20)
data/security-privacy-plug-helper (+0/-24)
src/CMakeLists.txt (+1/-1)
src/FirewallPanel.vala (+149/-209)
src/Firewalld.vala (+49/-0)
src/Plug.vala (+0/-35)
src/UFWHelpers.vala (+0/-198)

To merge this branch:

bzr merge lp:~tintou/switchboard-plug-security-privacy/firewalld

Undecided

In Progress

Link a bug report

Reviewer	Review Type	Date Requested	Status
Danielle Foré		2016-12-31	Needs Fixing on 2017-02-22
Review via email: mp+313927@code.launchpad.net

Description of the change

Use firewalld instead of UFW

lp:~tintou/switchboard-plug-security-privacy/firewalld updated on 2016-12-31

279. By Corentin Noël on 2016-12-31: Use Firewalld instead of UFW

Revision history for this message

Cody Garver (codygarver) wrote on 2017-02-22:

Download full text (24.5 KiB)

This should be a build flag so it does not break Loki support yet.

> On Dec 30, 2016, at 8:14 PM, Corentin Noël <email address hidden> wrote:
>
> Corentin Noël has proposed merging lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
>
> Requested reviews:
> elementary Apps team (elementary-apps)
> Related bugs:
> Bug #1639775 in Switchboard Security & Privacy Plug: "Firewall portion of plug should use FirewallD instead of ufw"
> https://bugs.launchpad.net/switchboard-plug-security-privacy/+bug/1639775
>
> For more details, see:
> https://code.launchpad.net/~tintou/switchboard-plug-security-privacy/firewalld/+merge/313927
>
> Use firewalld instead of UFW
> --
> Your team elementary Apps team is requested to review the proposed merge of lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
> === modified file 'CMakeLists.txt' --- CMakeLists.txt 2016-12-01 11:56:30 +0000 +++ CMakeLists.txt 2016-12-31 02:13:20 +0000 @@ -38,10 +38,6 @@ include (CPack) add_custom_target (dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source) -configure_file (${CMAKE_SOURCE_DIR}/data/org.pantheon.security-privacy.policy.cmake ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy) -install(FILES ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/polkit-1/actions/) -install(FILES ${CMAKE_SOURCE_DIR}/data/security-privacy-plug-helper PERMISSIONS OWNER_EXECUTE OWNER_READ DESTINATION ${PKGDATADIR}/) - # Traslation stuff add_subdirectory (po) === removed directory 'data' === removed file 'data/org.pantheon.security-privacy.policy.cmake' --- data/org.pantheon.security-privacy.policy.cmake 2014-08-09 18:22:03 +0000 +++ data/org.pantheon.security-privacy.policy.cmake 1970-01-01 00:00:00 +0000 @@ -1,20 +0,0 @@ - - - - elementary - http://www.elementaryos.org/ - - - Authentication is required to run the Firewall Configuration - preferences-system-privacy - - no - no - auth_admin_keep - - @PKGDATADIR@/security-privacy-plug-helper - - - \ No newline at end of file === removed file 'data/security-privacy-plug-helper' --- data/security-privacy-plug-helper 2014-04-24 16:28:52 +0000 +++ data/security-privacy-plug-helper 1970-01-01 00:00:00 +0000 @@ -1,24 +0,0 @@ -#!/bin/bash - - while getopts "12345:6:" OPTION; do - case ${OPTION} in - 1) - LANGUAGE=C - export LANGUAGE - ufw status;; - 2) - ufw --force enable;; - 3) - ufw disable;; - 4) - LANGUAGE=C - export LANGUAGE - ufw status numbered;; - 5) - ufw $2;; - 6) - ufw --force delete $OPTARG;; - \?) - exit 1;; - esac - done \ No newline at end of file === modified file 'src/CMakeLists.txt' --- src/CMakeLists.txt 2014-12-02 21:20:07 +0000 +++ src/CMakeLists.txt 2016-12-31 02:13:20 +0000 @@ -19,7 +19,7 @@ FirewallPanel.vala LockPanel.vala TrackPanel.vala - UFWHelpers.vala + Firewalld.vala ZGUtilities.vala ${CMAKE_CURRENT_BINARY_DIR}/config.vala PACKAGES === modified file 'src/FirewallPanel.vala' --- src/FirewallPanel.vala 2015-05-10 13:54:39 +0000 +++ src/FirewallPanel.vala 2016-12-31 02:13:20 +0000 @@ -1,6 +1,6 @@ // -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-...

This should be a build flag so it does not break Loki support yet.

> On Dec 30, 2016, at 8:14 PM, Corentin Noël <corentin@elementaryos.org> wrote:
> 
> Corentin Noël has proposed merging lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
> 
> Requested reviews:
>  elementary Apps team (elementary-apps)
> Related bugs:
>  Bug #1639775 in Switchboard Security & Privacy Plug: "Firewall portion of plug should use FirewallD instead of ufw"
>  https://bugs.launchpad.net/switchboard-plug-security-privacy/+bug/1639775
> 
> For more details, see:
> https://code.launchpad.net/~tintou/switchboard-plug-security-privacy/firewalld/+merge/313927
> 
> Use firewalld instead of UFW
> -- 
> Your team elementary Apps team is requested to review the proposed merge of lp:~tintou/switchboard-plug-security-privacy/firewalld into lp:switchboard-plug-security-privacy.
> === modified file 'CMakeLists.txt' --- CMakeLists.txt	2016-12-01 11:56:30 +0000 +++ CMakeLists.txt	2016-12-31 02:13:20 +0000 @@ -38,10 +38,6 @@ include (CPack) add_custom_target (dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source) -configure_file (${CMAKE_SOURCE_DIR}/data/org.pantheon.security-privacy.policy.cmake ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy) -install(FILES ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/polkit-1/actions/) -install(FILES ${CMAKE_SOURCE_DIR}/data/security-privacy-plug-helper PERMISSIONS OWNER_EXECUTE OWNER_READ DESTINATION ${PKGDATADIR}/) -  # Traslation stuff add_subdirectory (po) === removed directory 'data' === removed file 'data/org.pantheon.security-privacy.policy.cmake' --- data/org.pantheon.security-privacy.policy.cmake	2014-08-09 18:22:03 +0000 +++ data/org.pantheon.security-privacy.policy.cmake	1970-01-01 00:00:00 +0000 @@ -1,20 +0,0 @@ - - - - elementary - http://www.elementaryos.org/ - - - Authentication is required to run the Firewall Configuration - preferences-system-privacy - - no - no - auth_admin_keep - - @PKGDATADIR@/security-privacy-plug-helper - - - \ No newline at end of file === removed file 'data/security-privacy-plug-helper' --- data/security-privacy-plug-helper	2014-04-24 16:28:52 +0000 +++ data/security-privacy-plug-helper	1970-01-01 00:00:00 +0000 @@ -1,24 +0,0 @@ -#!/bin/bash - - while getopts "12345:6:" OPTION; do - case ${OPTION} in - 1) - LANGUAGE=C - export LANGUAGE - ufw status;; - 2) - ufw --force enable;; - 3) - ufw disable;; - 4) - LANGUAGE=C - export LANGUAGE - ufw status numbered;; - 5) - ufw $2;; - 6) - ufw --force delete $OPTARG;; - \?) - exit 1;; - esac - done \ No newline at end of file === modified file 'src/CMakeLists.txt' --- src/CMakeLists.txt	2014-12-02 21:20:07 +0000 +++ src/CMakeLists.txt	2016-12-31 02:13:20 +0000 @@ -19,7 +19,7 @@ FirewallPanel.vala LockPanel.vala TrackPanel.vala - UFWHelpers.vala + Firewalld.vala ZGUtilities.vala ${CMAKE_CURRENT_BINARY_DIR}/config.vala PACKAGES === modified file 'src/FirewallPanel.vala' --- src/FirewallPanel.vala	2015-05-10 13:54:39 +0000 +++ src/FirewallPanel.vala	2016-12-31 02:13:20 +0000 @@ -1,6 +1,6 @@ // -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*- /*- - * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project) + * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io) * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public @@ -17,223 +17,163 @@ * Free Software Foundation, Inc., 59 Temple Place - Suite 330, * Boston, MA 02111-1307, USA. * - * Authored by: Corentin Noël + * Authored by: Corentin Noël */ -public class SecurityPrivacy.FirewallPanel : Gtk.Grid { +public class SecurityPrivacy.FirewallPanel : Gtk.Stack { private Gtk.ListStore list_store; - private Gtk.TreeView view; - private Gtk.Toolbar list_toolbar; - private bool loading = false; - private Gtk.Popover add_popover; - private Gtk.ToolButton remove_button; + private Firewalld firewalld; + private FirewalldZone firewalld_zone; private enum Columns { - ACTION, PROTOCOL, - DIRECTION, PORTS, - V6, - RULE, N_COLUMNS } public FirewallPanel () { - column_spacing = 12; - row_spacing = 6; + + } + + private void start () { + try { + firewalld = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1"); + firewalld.default_zone_changed.connect ((new_zone) => { + load_zone (new_zone); + }); + + load_zone (firewalld.get_default_zone ()); + } catch (IOError e) { + critical (e.message); + set_visible_child_name ("alert"); + } + } + + private void load_zone (string zone_name) { + ObjectPath zone_path = null; + try { + FirewalldConfig f_conf = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1/config"); + zone_path = f_conf.get_zone_by_name (zone_name); + } catch (IOError e) { + critical (e.message); + } + + if (zone_path == null) { + set_visible_child_name ("alert"); + return; + } else { + set_visible_child_name ("main"); + } + + try { +            firewalld_zone = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", zone_path); + list_store.clear (); + foreach (var port in firewalld_zone.get_ports ()) { + add_port (port); +            } + } catch (IOError e) { + critical (e.message); + set_visible_child_name ("alert"); + } + } + + construct { margin = 12; margin_top = 0; - orientation = Gtk.Orientation.VERTICAL; - - var status_grid = new Gtk.Grid (); - status_grid.orientation = Gtk.Orientation.HORIZONTAL; - status_grid.column_spacing = 12; - status_grid.halign = Gtk.Align.CENTER; - - var status_label = new Gtk.Label (""); - status_label.set_markup ("%s".printf (_("Firewall Status:"))); - - var status_switch = new Gtk.Switch (); - status_switch.notify["active"].connect (() => { - if (loading == false) { - view.sensitive = status_switch.active; - UFWHelpers.set_status (status_switch.active); - } - show_rules (); - }); - - status_grid.add (status_label); - status_grid.add (status_switch); - - add (status_grid); - sensitive = false; - lock_button.get_permission ().notify["allowed"].connect (() => { - loading = true; - sensitive = lock_button.get_permission ().allowed; - status_switch.active = UFWHelpers.get_status (); - list_store.clear (); - remove_button.sensitive = false; - if (status_switch.active == true) { - view.sensitive = true; - foreach (var rule in UFWHelpers.get_rules ()) { - add_rule (rule); - } - } else { - view.sensitive = false; - } - loading = false; - }); - - create_treeview (); - } - - private void show_rules () { - list_store.clear (); - remove_button.sensitive = false; - foreach (var rule in UFWHelpers.get_rules ()) { - add_rule (rule); - } - } - - public void add_rule (UFWHelpers.Rule rule) { - Gtk.TreeIter iter; - string action = _("Unknown"); - if (rule.action == UFWHelpers.Rule.Action.ALLOW) { - action = _("Allow"); - } else if (rule.action == UFWHelpers.Rule.Action.DENY) { - action = _("Deny"); - } else if (rule.action == UFWHelpers.Rule.Action.REJECT) { - action = _("Reject"); - } else if (rule.action == UFWHelpers.Rule.Action.LIMIT) { - action = _("Limit"); - } - string protocol = _("Unknown"); - if (rule.protocol == UFWHelpers.Rule.Protocol.UDP) { - protocol = "UDP"; - } else if (rule.protocol == UFWHelpers.Rule.Protocol.TCP) { - protocol = "TCP"; - } - string direction = _("Unknown"); - if (rule.direction == UFWHelpers.Rule.Direction.IN) { - direction = _("In"); - } else if (rule.direction == UFWHelpers.Rule.Direction.OUT) { - direction = _("Out"); - } - list_store.append (out iter); - list_store.set (iter, Columns.ACTION, action, Columns.PROTOCOL, protocol, - Columns.DIRECTION, direction, Columns.PORTS, rule.ports.replace (":", "-"), - Columns.V6, rule.is_v6, Columns.RULE, rule); - } - - private void create_treeview () { - list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string), - typeof (string), typeof (string), typeof (string), typeof (bool), typeof (UFWHelpers.Rule)); + var main_grid = new Gtk.Grid (); + main_grid.orientation = Gtk.Orientation.VERTICAL; + + list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string), typeof (string)); // The View: - view = new Gtk.TreeView.with_model (list_store); + var view = new Gtk.TreeView.with_model (list_store); view.vexpand = true; - var celltoggle = new Gtk.CellRendererToggle (); var cell = new Gtk.CellRendererText (); - view.insert_column_with_attributes (-1, _("IPv6"), celltoggle, "active", Columns.V6); - view.insert_column_with_attributes (-1, _("Action"), cell, "text", Columns.ACTION); view.insert_column_with_attributes (-1, _("Protocol"), cell, "text", Columns.PROTOCOL); -        view.insert_column_with_attributes (-1, _("Direction"), cell, "text", Columns.DIRECTION); view.insert_column_with_attributes (-1, _("Ports"), cell, "text", Columns.PORTS); - list_toolbar = new Gtk.Toolbar (); + var add_button = new Gtk.ToggleToolButton (); + add_button.icon_widget = new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR); + var remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null); + remove_button.sensitive = false; + + var list_toolbar = new Gtk.Toolbar (); list_toolbar.get_style_context ().add_class (Gtk.STYLE_CLASS_INLINE_TOOLBAR); list_toolbar.set_icon_size (Gtk.IconSize.SMALL_TOOLBAR); - var add_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null); - add_button.clicked.connect (() => { - var popover_grid = new Gtk.Grid (); - popover_grid.margin = 6; - popover_grid.margin_top = 12; - popover_grid.margin_start = 12; - popover_grid.margin_bottom = 9; - popover_grid.column_spacing = 12; - popover_grid.row_spacing = 6; - add_popover = new Gtk.Popover (add_button); - add_popover.add (popover_grid); - - var policy_label = new Gtk.Label (_("Action:")); - policy_label.xalign = 1; - var policy_combobox = new Gtk.ComboBoxText (); - policy_combobox.append_text (_("Allow")); - policy_combobox.append_text (_("Deny")); - policy_combobox.append_text (_("Reject")); - policy_combobox.append_text (_("Limit")); - policy_combobox.active = 0; - - var protocol_label = new Gtk.Label (_("Protocol:")); - protocol_label.xalign = 1; - var protocol_combobox = new Gtk.ComboBoxText (); - protocol_combobox.append_text ("TCP"); - protocol_combobox.append_text ("UDP"); - protocol_combobox.active = 0; - - var direction_label = new Gtk.Label (_("Direction:")); - direction_label.xalign = 1; - var direction_combobox = new Gtk.ComboBoxText (); - direction_combobox.append_text (_("In")); - direction_combobox.append_text (_("Out")); - direction_combobox.active = 0; - - var ports_label = new Gtk.Label (_("Ports:")); - ports_label.xalign = 1; - var ports_entry = new Gtk.Entry (); - ports_entry.input_purpose = Gtk.InputPurpose.NUMBER; - ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85); - - var do_add_button = new Gtk.Button.with_label (_("Add Rule")); - do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION); - do_add_button.clicked.connect (() => { - var rule = new UFWHelpers.Rule (); - if (direction_combobox.active == 0) - rule.direction = UFWHelpers.Rule.Direction.IN; - else - rule.direction = UFWHelpers.Rule.Direction.OUT; - - if (protocol_combobox.active == 0) - rule.protocol = UFWHelpers.Rule.Protocol.TCP; -                else - rule.protocol = UFWHelpers.Rule.Protocol.UDP; - - if (policy_combobox.active == 0) - rule.action = UFWHelpers.Rule.Action.ALLOW; - else if (policy_combobox.active == 1) - rule.action = UFWHelpers.Rule.Action.DENY; - else if (policy_combobox.active == 2) - rule.action = UFWHelpers.Rule.Action.REJECT; - else - rule.action = UFWHelpers.Rule.Action.LIMIT; - - rule.ports = ports_entry.text.replace ("-", ":"); - UFWHelpers.add_rule (rule); - add_popover.hide (); - show_rules (); - }); - - var add_button_grid = new Gtk.Grid (); - add_button_grid.add (do_add_button); - add_button_grid.halign = Gtk.Align.END; - - popover_grid.attach (policy_label, 0, 0, 1, 1); - popover_grid.attach (policy_combobox, 1, 0, 1, 1); - popover_grid.attach (protocol_label, 0, 1, 1, 1); - popover_grid.attach (protocol_combobox, 1, 1, 1, 1); - popover_grid.attach (direction_label, 0, 2, 1, 1); - popover_grid.attach (direction_combobox, 1, 2, 1, 1); - popover_grid.attach (ports_label, 0, 3, 1, 1); - popover_grid.attach (ports_entry, 1, 3, 1, 1); -            popover_grid.attach (add_button_grid, 0, 4, 2, 1); - - add_popover.show_all (); - }); - list_toolbar.insert (add_button, -1); - remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null); - remove_button.sensitive = false; + list_toolbar.insert (remove_button, -1); + + var scrolled = new Gtk.ScrolledWindow (null, null); + scrolled.expand = true; + scrolled.add (view); + +        var view_frame = new Gtk.Frame (null); + view_frame.add (scrolled); + + main_grid.add (view_frame); + main_grid.add (list_toolbar); + + var protocol_label = new Gtk.Label (_("Protocol:")); + protocol_label.xalign = 1; + var protocol_combobox = new Gtk.ComboBoxText (); + protocol_combobox.append ("tcp", "TCP"); + protocol_combobox.append ("udp", "UDP"); + protocol_combobox.active_id = "tcp"; + + var ports_label = new Gtk.Label (_("Ports:")); + ports_label.xalign = 1; + var ports_entry = new Gtk.Entry (); + ports_entry.input_purpose = Gtk.InputPurpose.NUMBER; + ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85); + + var do_add_button = new Gtk.Button.with_label (_("Add Rule")); + do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION); + + var add_button_grid = new Gtk.Grid (); + add_button_grid.add (do_add_button); + add_button_grid.halign = Gtk.Align.END; + + var popover_grid = new Gtk.Grid (); + popover_grid.margin = 12; + popover_grid.column_spacing = 12; + popover_grid.row_spacing = 6; + popover_grid.attach (protocol_label, 0, 0, 1, 1); + popover_grid.attach (protocol_combobox, 1, 0, 1, 1); + popover_grid.attach (ports_label, 0, 1, 1, 1); + popover_grid.attach (ports_entry, 1, 1, 1, 1); + popover_grid.attach (add_button_grid, 0, 2, 2, 1); + popover_grid.show_all (); + + var add_popover = new Gtk.Popover (add_button); + add_popover.add (popover_grid); + + var alert = new Granite.Widgets.AlertView (_("Unauthorized"), _("Firewall settings require advanced privilege to be changed"), "security-high-symbolic"); + alert.show_action (_("Change settings…")); + var alert_frame = new Gtk.Frame (null); + alert_frame.add (alert); + + add_named (alert_frame, "alert"); + add_named (main_grid, "main"); + + add_button.bind_property ("active", add_popover, "visible", BindingFlags.BIDIRECTIONAL); + + alert.action_activated.connect (() => { + start (); + }); + + do_add_button.clicked.connect (() => { + var port = SecurityPrivacy.Port (); + port.port = ports_entry.text; + port.protocol = protocol_combobox.active_id; + try { + firewalld_zone.add_port (port.port, port.protocol); + add_port (port); + } catch (Error e) { + critical (e.message); + } + }); + remove_button.clicked.connect (() => { Gtk.TreePath path; Gtk.TreeViewColumn column; @@ -241,25 +181,25 @@ Gtk.TreeIter iter; list_store.get_iter (out iter, path); Value val; - list_store.get_value (iter, Columns.RULE, out val); - UFWHelpers.remove_rule ((UFWHelpers.Rule) val.get_object ()); - show_rules (); + Value val2; + list_store.get_value (iter, Columns.PORTS, out val); + list_store.get_value (iter, Columns.PROTOCOL, out val2); + try { + firewalld_zone.remove_port (val.get_string (), val2.get_string ()); + list_store.remove (iter); + } catch (Error e) { + critical (e.message); + } }); - list_toolbar.insert (remove_button, -1); view.cursor_changed.connect (() => { remove_button.sensitive = true; }); - - var view_grid = new Gtk.Grid (); - - var scrolled = new Gtk.ScrolledWindow (null, null); - scrolled.shadow_type = Gtk.ShadowType.IN; - scrolled.expand = true; - scrolled.add (view); - - view_grid.attach (scrolled, 0, 0, 1, 1); - view_grid.attach (list_toolbar, 0, 1, 1, 1); - add (view_grid); + } + + public void add_port (SecurityPrivacy.Port port) { + Gtk.TreeIter iter; + list_store.append (out iter); + list_store.set (iter, Columns.PROTOCOL, port.protocol, Columns.PORTS, port.port); } } === added file 'src/Firewalld.vala' --- src/Firewalld.vala	1970-01-01 00:00:00 +0000 +++ src/Firewalld.vala	2016-12-31 02:13:20 +0000 @@ -0,0 +1,49 @@ +// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*- +/*- + * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io) + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authored by: Corentin Noël + */ + +[DBus (name = "org.fedoraproject.FirewallD1")] +public interface SecurityPrivacy.Firewalld : Object { + [DBus (name = "getDefaultZone")] + public abstract string get_default_zone () throws IOError; + public signal void default_zone_changed (string new_default); +} + +[DBus (name = "org.fedoraproject.FirewallD1.config")] +public interface SecurityPrivacy.FirewalldConfig : Object { + [DBus (name = "getZoneByName")] + public abstract ObjectPath get_zone_by_name (string zone) throws IOError; +} + +[DBus (name = "org.fedoraproject.FirewallD1.config.zone")] +public interface SecurityPrivacy.FirewalldZone : Object { + [DBus (name = "getPorts")] + public abstract SecurityPrivacy.Port[] get_ports () throws IOError; + [DBus (name = "removePort")] + public abstract void remove_port (string port, string protocol) throws IOError; + [DBus (name = "addPort")] + public abstract void add_port (string port, string protocol) throws IOError; +} + +public struct SecurityPrivacy.Port { + public string port; + public string protocol; +} === modified file 'src/Plug.vala' --- src/Plug.vala	2016-11-02 00:52:31 +0000 +++ src/Plug.vala	2016-12-31 02:13:20 +0000 @@ -22,7 +22,6 @@ namespace SecurityPrivacy { public static Plug plug; - public static Gtk.LockButton lock_button; public static Blacklist blacklist; public class Plug : Switchboard.Plug { @@ -63,40 +62,6 @@ stack = new Gtk.Stack (); stack.expand = true; - try { - var permission = new Polkit.Permission.sync ("org.pantheon.security-privacy", Polkit.UnixProcess.new (Posix.getpid ())); - var infobar = new Gtk.InfoBar (); - infobar.message_type = Gtk.MessageType.INFO; - lock_button = new Gtk.LockButton (permission); - var area = infobar.get_action_area () as Gtk.Container; - var content = infobar.get_content_area () as Gtk.Container; - var label = new Gtk.Label (_("Some settings require administrator rights to be changed")); - area.add (lock_button); - content.add (label); - main_grid.attach (infobar, 0, 0, 1, 1); - infobar.no_show_all = true; - stack.notify["visible-child-name"].connect (() => { - if (permission.allowed == false && stack.visible_child_name == "firewall") { - infobar.no_show_all = false; - infobar.show_all (); -                    } else { - infobar.no_show_all = true; - infobar.hide (); - } - }); - permission.notify["allowed"].connect (() => { - if (permission.allowed == false && stack.visible_child_name == "firewall") { - infobar.no_show_all = false; - infobar.show_all (); -                    } else { - infobar.no_show_all = true; - infobar.hide (); - } - }); - } catch (Error e) { - critical (e.message); - } - var stack_switcher = new Gtk.StackSwitcher (); stack_switcher.set_stack (stack); stack_switcher.halign = Gtk.Align.CENTER; === removed file 'src/UFWHelpers.vala' --- src/UFWHelpers.vala	2014-04-24 16:28:52 +0000 +++ src/UFWHelpers.vala	1970-01-01 00:00:00 +0000 @@ -1,198 +0,0 @@ -// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*- -/*- - * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project) - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - * - * Authored by: Corentin Noël - */ - -#if TRANSLATION - _("Authentication is required to run the Firewall Configuration") -#endif - -namespace SecurityPrivacy.UFWHelpers { - - private string get_helper_path () { - return "%s/security-privacy-plug-helper".printf (Build.PKGDATADIR); - } - - public bool get_status () { - try { - string standard_output; - Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output); - return (standard_output.contains ("inactive") == false); - } catch (Error e) { - warning (e.message); - return false; - } - } - - public void set_status (bool status) { - try { - if (status == true) - Process.spawn_command_line_sync ("pkexec %s -2".printf (get_helper_path ())); - else - Process.spawn_command_line_sync ("pkexec %s -3".printf (get_helper_path ())); - } catch (Error e) { - warning (e.message); - } - } - - public Gee.LinkedList get_rules () { - var rules = new Gee.LinkedList (); - try { - string standard_output; - Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output); - var lines = standard_output.split("\n"); - foreach (var line in lines) { - if ("ALLOW" in line || "DENY" in line || "LIMIT" in line || "REJECT" in line) { - var rule = new Rule.from_line (line); - rules.add (rule); - } - } - } catch (Error e) { - warning (e.message); - } - return rules; - } - - public void remove_rule (Rule rule) { - try { - Process.spawn_command_line_sync ("pkexec %s -6 \"%d\"".printf (get_helper_path (), rule.number)); - } catch (Error e) { - warning (e.message); - } - } - - public void add_rule (Rule rule) { - string rule_str = ""; - try { - switch (rule.action) { - case Rule.Action.DENY: - rule_str = "deny"; - break; - case Rule.Action.REJECT: - rule_str = "reject"; - break; - case Rule.Action.LIMIT: - rule_str = "limit"; - break; - default: - rule_str = "allow"; - break; - } - - switch (rule.direction) { - case Rule.Direction.OUT: - rule_str = "%s out".printf (rule_str); - break; - default: - rule_str = "%s in".printf (rule_str); - break; - } - - switch (rule.protocol) { - case Rule.Protocol.UDP: - rule_str = "%s %s/udp".printf (rule_str, rule.ports); - break; - default: - rule_str = "%s %s/tcp".printf (rule_str, rule.ports); - break; - } - - Process.spawn_command_line_sync ("pkexec %s -5 \"%s\"".printf (get_helper_path (), rule_str)); - } catch (Error e) { - warning (e.message); - } - } - - public class Rule : GLib.Object { - public enum Action { - ALLOW, - DENY, - REJECT, - LIMIT - } - - public enum Protocol { - UDP, - TCP - } - - public enum Direction { - IN, - OUT - } - - public Action action; - public Protocol protocol; - public Direction direction; - public string ports; - public bool is_v6 = false; - public int number; - - public Rule () { - - } - - public Rule.from_line (string line) { - if (line.contains ("(v6)")) - is_v6 = true; - var first = line.replace ("(v6)", "").split ("] "); - number = int.parse (first[0].replace ("[", "")); - var second = first[1]; - var third = second.split ("/"); - ports = third[0]; - string current = ""; - int position = 0; - foreach (var car in third[1].data) { - if (car == ' ') { - if (current == "") { - continue; - } - - if (position == 0) { - if ("udp" in current) - protocol = Protocol.UDP; - else if ("tcp" in current) - protocol = Protocol.TCP; - } else if (position == 1) { - if ("ALLOW" in current) - action = Action.ALLOW; - else if ("DENY" in current) - action = Action.DENY; - else if ("REJECT" in current) - action = Action.REJECT; - else if ("LIMIT" in current) - action = Action.LIMIT; - } else if (position == 2) { - if ("IN" in current) - direction = Direction.IN; - else if ("OUT" in current) - direction = Direction.OUT; - break; - } - - current = ""; - position++; - continue; - } - current = "%s%c".printf (current, car); - } - } - } -} \ No newline at end of file

Revision history for this message

Danielle Foré (danrabbit) wrote on 2017-02-22:

from Cody via Slack, "This should be a build flag so it doesn't break Loki support.

review: Needs Fixing

Unmerged revisions

279. By Corentin Noël on 2016-12-31: Use Firewalld instead of UFW

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Corentin Noël

 === modified file 'CMakeLists.txt'
 --- CMakeLists.txt	2016-12-01 11:56:30 +0000
 +++ CMakeLists.txt	2016-12-31 02:17:48 +0000
@@ -38,10 +38,6 @@
  include (CPack)
  add_custom_target (dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source)
--configure_file (${CMAKE_SOURCE_DIR}/data/org.pantheon.security-privacy.policy.cmake ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy)
--install(FILES ${CMAKE_BINARY_DIR}/data/org.pantheon.security-privacy.policy DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/polkit-1/actions/)
--install(FILES ${CMAKE_SOURCE_DIR}/data/security-privacy-plug-helper PERMISSIONS OWNER_EXECUTE OWNER_READ DESTINATION ${PKGDATADIR}/)
--
  # Traslation stuff
  add_subdirectory (po)
 === removed directory 'data'
 === removed file 'data/org.pantheon.security-privacy.policy.cmake'
 --- data/org.pantheon.security-privacy.policy.cmake	2014-08-09 18:22:03 +0000
 +++ data/org.pantheon.security-privacy.policy.cmake	1970-01-01 00:00:00 +0000
@@ -1,20 +0,0 @@
--<?xml version="1.0" encoding="UTF-8"?>
--<!DOCTYPE policyconfig PUBLIC
-- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
-- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
--<policyconfig>
--  <vendor>elementary</vendor>
--  <vendor_url>http://www.elementaryos.org/</vendor_url>
--
--  <action id="org.pantheon.security-privacy">
--    <message gettext-domain="@GETTEXT_PACKAGE@">Authentication is required to run the Firewall Configuration</message>
--    <icon_name>preferences-system-privacy</icon_name>
--    <defaults>
--      <allow_any>no</allow_any>
--      <allow_inactive>no</allow_inactive>
--      <allow_active>auth_admin_keep</allow_active>
--    </defaults>
--    <annotate key="org.freedesktop.policykit.exec.path">@PKGDATADIR@/security-privacy-plug-helper</annotate>
--  </action>
--
--</policyconfig>
 \ No newline at end of file
 === removed file 'data/security-privacy-plug-helper'
 --- data/security-privacy-plug-helper	2014-04-24 16:28:52 +0000
 +++ data/security-privacy-plug-helper	1970-01-01 00:00:00 +0000
@@ -1,24 +0,0 @@
--#!/bin/bash
--
--    while getopts "12345:6:" OPTION; do
--        case ${OPTION} in
--            1)
--                LANGUAGE=C
--                export LANGUAGE
--                ufw status;;
--            2)
--                ufw --force enable;;
--            3)
--                ufw disable;;
--            4)
--                LANGUAGE=C
--                export LANGUAGE
--                ufw status numbered;;
--            5)
--                ufw $2;;
--            6)
--                ufw --force delete $OPTARG;;
--            \?)
--                exit 1;;
--        esac
--    done
 \ No newline at end of file
 === modified file 'src/CMakeLists.txt'
 --- src/CMakeLists.txt	2014-12-02 21:20:07 +0000
 +++ src/CMakeLists.txt	2016-12-31 02:17:48 +0000
@@ -19,7 +19,7 @@
      FirewallPanel.vala
      LockPanel.vala
      TrackPanel.vala
--    UFWHelpers.vala
++    Firewalld.vala
      ZGUtilities.vala
      ${CMAKE_CURRENT_BINARY_DIR}/config.vala
  PACKAGES
 === modified file 'src/FirewallPanel.vala'
 --- src/FirewallPanel.vala	2015-05-10 13:54:39 +0000
 +++ src/FirewallPanel.vala	2016-12-31 02:17:48 +0000
@@ -1,6 +1,6 @@
  // -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
  /*-
-- * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project)
++ * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io)
+  *
   * This library is free software; you can redistribute it and/or
   * modify it under the terms of the GNU Library General Public
@@ -17,223 +17,121 @@
   * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   * Boston, MA 02111-1307, USA.
+  *
-- * Authored by: Corentin Noël <tintou@mailoo.org>
++ * Authored by: Corentin Noël <corentin@elementary.io>
   */
--public class SecurityPrivacy.FirewallPanel : Gtk.Grid {
++public class SecurityPrivacy.FirewallPanel : Gtk.Stack {
      private Gtk.ListStore list_store;
--    private Gtk.TreeView view;
--    private Gtk.Toolbar list_toolbar;
--    private bool loading = false;
--    private Gtk.Popover add_popover;
--    private Gtk.ToolButton remove_button;
++    private Firewalld firewalld;
++    private FirewalldZone firewalld_zone;
      private enum Columns {
--        ACTION,
          PROTOCOL,
--        DIRECTION,
          PORTS,
--        V6,
--        RULE,
          N_COLUMNS
+     }
      public FirewallPanel () {
--        column_spacing = 12;
--        row_spacing = 6;
++
++    }
++
++    construct {
          margin = 12;
          margin_top = 0;
--        orientation = Gtk.Orientation.VERTICAL;
--
--        var status_grid = new Gtk.Grid ();
--        status_grid.orientation = Gtk.Orientation.HORIZONTAL;
--        status_grid.column_spacing = 12;
--        status_grid.halign = Gtk.Align.CENTER;
--
--        var status_label = new Gtk.Label ("");
--        status_label.set_markup ("<b>%s</b>".printf (_("Firewall Status:")));
--
--        var status_switch = new Gtk.Switch ();
--        status_switch.notify["active"].connect (() => {
--            if (loading == false) {
--                view.sensitive = status_switch.active;
--                UFWHelpers.set_status (status_switch.active);
--            }
--            show_rules ();
--        });
--
--        status_grid.add (status_label);
--        status_grid.add (status_switch);
--
--        add (status_grid);
--        sensitive = false;
--        lock_button.get_permission ().notify["allowed"].connect (() => {
--            loading = true;
--            sensitive = lock_button.get_permission ().allowed;
--            status_switch.active = UFWHelpers.get_status ();
--            list_store.clear ();
--            remove_button.sensitive = false;
--            if (status_switch.active == true) {
--                view.sensitive = true;
--                foreach (var rule in UFWHelpers.get_rules ()) {
--                    add_rule (rule);
--                }
--            } else {
--                view.sensitive = false;
--            }
--            loading = false;
--        });
--
--        create_treeview ();
--    }
--
--    private void show_rules () {
--        list_store.clear ();
--        remove_button.sensitive = false;
--        foreach (var rule in UFWHelpers.get_rules ()) {
--            add_rule (rule);
--        }
--    }
--
--    public void add_rule (UFWHelpers.Rule rule) {
--        Gtk.TreeIter iter;
--        string action = _("Unknown");
--        if (rule.action == UFWHelpers.Rule.Action.ALLOW) {
--            action = _("Allow");
--        } else if (rule.action == UFWHelpers.Rule.Action.DENY) {
--            action = _("Deny");
--        } else if (rule.action == UFWHelpers.Rule.Action.REJECT) {
--            action = _("Reject");
--        } else if (rule.action == UFWHelpers.Rule.Action.LIMIT) {
--            action = _("Limit");
--        }
--        string protocol = _("Unknown");
--        if (rule.protocol == UFWHelpers.Rule.Protocol.UDP) {
--            protocol = "UDP";
--        } else if (rule.protocol == UFWHelpers.Rule.Protocol.TCP) {
--            protocol = "TCP";
--        }
--        string direction = _("Unknown");
--        if (rule.direction == UFWHelpers.Rule.Direction.IN) {
--            direction = _("In");
--        } else if (rule.direction == UFWHelpers.Rule.Direction.OUT) {
--            direction = _("Out");
--        }
--        list_store.append (out iter);
--        list_store.set (iter, Columns.ACTION, action, Columns.PROTOCOL, protocol,
--                Columns.DIRECTION, direction, Columns.PORTS, rule.ports.replace (":", "-"),
--                Columns.V6, rule.is_v6, Columns.RULE, rule);
--    }
--
--    private void create_treeview () {
--        list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string),
--                typeof (string), typeof (string), typeof (string), typeof (bool), typeof (UFWHelpers.Rule));
++        var main_grid = new Gtk.Grid ();
++        main_grid.orientation = Gtk.Orientation.VERTICAL;
++
++        list_store = new Gtk.ListStore (Columns.N_COLUMNS, typeof (string), typeof (string));
          // The View:
--        view = new Gtk.TreeView.with_model (list_store);
++        var view = new Gtk.TreeView.with_model (list_store);
          view.vexpand = true;
--        var celltoggle = new Gtk.CellRendererToggle ();
          var cell = new Gtk.CellRendererText ();
--        view.insert_column_with_attributes (-1, _("IPv6"), celltoggle, "active", Columns.V6);
--        view.insert_column_with_attributes (-1, _("Action"), cell, "text", Columns.ACTION);
          view.insert_column_with_attributes (-1, _("Protocol"), cell, "text", Columns.PROTOCOL);
--        view.insert_column_with_attributes (-1, _("Direction"), cell, "text", Columns.DIRECTION);
          view.insert_column_with_attributes (-1, _("Ports"), cell, "text", Columns.PORTS);
--        list_toolbar = new Gtk.Toolbar ();
++        var add_button = new Gtk.ToggleToolButton ();
++        add_button.icon_widget = new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR);
++        var remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
++        remove_button.sensitive = false;
++
++        var list_toolbar = new Gtk.Toolbar ();
          list_toolbar.get_style_context ().add_class (Gtk.STYLE_CLASS_INLINE_TOOLBAR);
          list_toolbar.set_icon_size (Gtk.IconSize.SMALL_TOOLBAR);
--        var add_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-add-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
--        add_button.clicked.connect (() => {
--            var popover_grid = new Gtk.Grid ();
--            popover_grid.margin = 6;
--            popover_grid.margin_top = 12;
--            popover_grid.margin_start = 12;
--            popover_grid.margin_bottom = 9;
--            popover_grid.column_spacing = 12;
--            popover_grid.row_spacing = 6;
--            add_popover = new Gtk.Popover (add_button);
--            add_popover.add (popover_grid);
--
--            var policy_label = new Gtk.Label (_("Action:"));
--            policy_label.xalign = 1;
--            var policy_combobox = new Gtk.ComboBoxText ();
--            policy_combobox.append_text (_("Allow"));
--            policy_combobox.append_text (_("Deny"));
--            policy_combobox.append_text (_("Reject"));
--            policy_combobox.append_text (_("Limit"));
--            policy_combobox.active = 0;
--
--            var protocol_label = new Gtk.Label (_("Protocol:"));
--            protocol_label.xalign = 1;
--            var protocol_combobox = new Gtk.ComboBoxText ();
--            protocol_combobox.append_text ("TCP");
--            protocol_combobox.append_text ("UDP");
--            protocol_combobox.active = 0;
--
--            var direction_label = new Gtk.Label (_("Direction:"));
--            direction_label.xalign = 1;
--            var direction_combobox = new Gtk.ComboBoxText ();
--            direction_combobox.append_text (_("In"));
--            direction_combobox.append_text (_("Out"));
--            direction_combobox.active = 0;
--
--            var ports_label = new Gtk.Label (_("Ports:"));
--            ports_label.xalign = 1;
--            var ports_entry = new Gtk.Entry ();
--            ports_entry.input_purpose = Gtk.InputPurpose.NUMBER;
--            ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85);
--
--            var do_add_button = new Gtk.Button.with_label (_("Add Rule"));
--            do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION);
--            do_add_button.clicked.connect (() => {
--                var rule = new UFWHelpers.Rule ();
--                if (direction_combobox.active == 0)
--                    rule.direction = UFWHelpers.Rule.Direction.IN;
--                else
--                    rule.direction = UFWHelpers.Rule.Direction.OUT;
--
--                if (protocol_combobox.active == 0)
--                    rule.protocol = UFWHelpers.Rule.Protocol.TCP;
--                else
--                    rule.protocol = UFWHelpers.Rule.Protocol.UDP;
--
--                if (policy_combobox.active == 0)
--                    rule.action = UFWHelpers.Rule.Action.ALLOW;
--                else if (policy_combobox.active == 1)
--                    rule.action = UFWHelpers.Rule.Action.DENY;
--                else if (policy_combobox.active == 2)
--                    rule.action = UFWHelpers.Rule.Action.REJECT;
--                else
--                    rule.action = UFWHelpers.Rule.Action.LIMIT;
--
--                rule.ports = ports_entry.text.replace ("-", ":");
--                UFWHelpers.add_rule (rule);
--                add_popover.hide ();
--                show_rules ();
--            });
--
--            var add_button_grid = new Gtk.Grid ();
--            add_button_grid.add (do_add_button);
--            add_button_grid.halign = Gtk.Align.END;
--
--            popover_grid.attach (policy_label, 0, 0, 1, 1);
--            popover_grid.attach (policy_combobox, 1, 0, 1, 1);
--            popover_grid.attach (protocol_label, 0, 1, 1, 1);
--            popover_grid.attach (protocol_combobox, 1, 1, 1, 1);
--            popover_grid.attach (direction_label, 0, 2, 1, 1);
--            popover_grid.attach (direction_combobox, 1, 2, 1, 1);
--            popover_grid.attach (ports_label, 0, 3, 1, 1);
--            popover_grid.attach (ports_entry, 1, 3, 1, 1);
--            popover_grid.attach (add_button_grid, 0, 4, 2, 1);
--
--            add_popover.show_all ();
--        });
--
          list_toolbar.insert (add_button, -1);
--        remove_button = new Gtk.ToolButton (new Gtk.Image.from_icon_name ("list-remove-symbolic", Gtk.IconSize.SMALL_TOOLBAR), null);
--        remove_button.sensitive = false;
++        list_toolbar.insert (remove_button, -1);
++
++        var scrolled = new Gtk.ScrolledWindow (null, null);
++        scrolled.expand = true;
++        scrolled.add (view);
++
++        var view_frame = new Gtk.Frame (null);
++        view_frame.add (scrolled);
++
++        main_grid.add (view_frame);
++        main_grid.add (list_toolbar);
++
++        var protocol_label = new Gtk.Label (_("Protocol:"));
++        protocol_label.xalign = 1;
++        var protocol_combobox = new Gtk.ComboBoxText ();
++        protocol_combobox.append ("tcp", "TCP");
++        protocol_combobox.append ("udp", "UDP");
++        protocol_combobox.active_id = "tcp";
++
++        var ports_label = new Gtk.Label (_("Ports:"));
++        ports_label.xalign = 1;
++        var ports_entry = new Gtk.Entry ();
++        ports_entry.input_purpose = Gtk.InputPurpose.NUMBER;
++        ports_entry.placeholder_text = _("%d or %d-%d").printf (80, 80, 85);
++
++        var do_add_button = new Gtk.Button.with_label (_("Add Rule"));
++        do_add_button.get_style_context ().add_class (Gtk.STYLE_CLASS_SUGGESTED_ACTION);
++
++        var add_button_grid = new Gtk.Grid ();
++        add_button_grid.add (do_add_button);
++        add_button_grid.halign = Gtk.Align.END;
++
++        var popover_grid = new Gtk.Grid ();
++        popover_grid.margin = 12;
++        popover_grid.column_spacing = 12;
++        popover_grid.row_spacing = 6;
++        popover_grid.attach (protocol_label, 0, 0, 1, 1);
++        popover_grid.attach (protocol_combobox, 1, 0, 1, 1);
++        popover_grid.attach (ports_label, 0, 1, 1, 1);
++        popover_grid.attach (ports_entry, 1, 1, 1, 1);
++        popover_grid.attach (add_button_grid, 0, 2, 2, 1);
++        popover_grid.show_all ();
++
++        var add_popover = new Gtk.Popover (add_button);
++        add_popover.add (popover_grid);
++
++        var alert = new Granite.Widgets.AlertView (_("Unauthorized"), _("Firewall settings require advanced privilege to be changed"), "security-high-symbolic");
++        alert.show_action (_("Change settings…"));
++        var alert_frame = new Gtk.Frame (null);
++        alert_frame.add (alert);
++
++        add_named (alert_frame, "alert");
++        add_named (main_grid, "main");
++
++        add_button.bind_property ("active", add_popover, "visible", BindingFlags.BIDIRECTIONAL);
++
++        alert.action_activated.connect (() => {
++            start ();
++        });
++
++        do_add_button.clicked.connect (() => {
++            var port = SecurityPrivacy.Port ();
++            port.port = ports_entry.text;
++            port.protocol = protocol_combobox.active_id;
++            try {
++                firewalld_zone.add_port (port.port, port.protocol);
++                add_port (port);
++            } catch (Error e) {
++                critical (e.message);
++            }
++        });
++
          remove_button.clicked.connect (() => {
              Gtk.TreePath path;
              Gtk.TreeViewColumn column;
@@ -241,25 +139,67 @@
              Gtk.TreeIter iter;
              list_store.get_iter (out iter, path);
              Value val;
--            list_store.get_value (iter, Columns.RULE, out val);
--            UFWHelpers.remove_rule ((UFWHelpers.Rule) val.get_object ());
--            show_rules ();
++            Value val2;
++            list_store.get_value (iter, Columns.PORTS, out val);
++            list_store.get_value (iter, Columns.PROTOCOL, out val2);
++            try {
++                firewalld_zone.remove_port (val.get_string (), val2.get_string ());
++                list_store.remove (iter);
++            } catch (Error e) {
++                critical (e.message);
++            }
          });
--        list_toolbar.insert (remove_button, -1);
          view.cursor_changed.connect (() => {
              remove_button.sensitive = true;
          });
--
--        var view_grid = new Gtk.Grid ();
--
--        var scrolled = new Gtk.ScrolledWindow (null, null);
--        scrolled.shadow_type = Gtk.ShadowType.IN;
--        scrolled.expand = true;
--        scrolled.add (view);
--
--        view_grid.attach (scrolled, 0, 0, 1, 1);
--        view_grid.attach (list_toolbar, 0, 1, 1, 1);
--        add (view_grid);
++    }
++
++    private void start () {
++        try {
++            firewalld = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1");
++            firewalld.default_zone_changed.connect ((new_zone) => {
++                load_zone (new_zone);
++            });
++
++            load_zone (firewalld.get_default_zone ());
++        } catch (IOError e) {
++            critical (e.message);
++            set_visible_child_name ("alert");
++        }
++    }
++
++    private void load_zone (string zone_name) {
++        ObjectPath zone_path = null;
++        try {
++            FirewalldConfig f_conf = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1/config");
++            zone_path = f_conf.get_zone_by_name (zone_name);
++        } catch (IOError e) {
++            critical (e.message);
++        }
++
++        if (zone_path == null) {
++            set_visible_child_name ("alert");
++            return;
++        } else {
++            set_visible_child_name ("main");
++        }
++
++        try {
++            firewalld_zone = Bus.get_proxy_sync (BusType.SYSTEM, "org.fedoraproject.FirewallD1", zone_path);
++            list_store.clear ();
++            foreach (var port in firewalld_zone.get_ports ()) {
++                add_port (port);
++            }
++        } catch (IOError e) {
++            critical (e.message);
++            set_visible_child_name ("alert");
++        }
++    }
++
++    private void add_port (SecurityPrivacy.Port port) {
++        Gtk.TreeIter iter;
++        list_store.append (out iter);
++        list_store.set (iter, Columns.PROTOCOL, port.protocol, Columns.PORTS, port.port);
+     }
+ }
 === added file 'src/Firewalld.vala'
 --- src/Firewalld.vala	1970-01-01 00:00:00 +0000
 +++ src/Firewalld.vala	2016-12-31 02:17:48 +0000
@@ -0,0 +1,49 @@
++// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
++/*-
++ * Copyright (c) 2014-2017 elementary LLC. (https://elementary.io)
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Library General Public
++ * License as published by the Free Software Foundation; either
++ * version 3 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Library General Public License for more details.
++ *
++ * You should have received a copy of the GNU Library General Public
++ * License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
++ * Boston, MA 02111-1307, USA.
++ *
++ * Authored by: Corentin Noël <corentin@elementary.io>
++ */
++
++[DBus (name = "org.fedoraproject.FirewallD1")]
++public interface SecurityPrivacy.Firewalld : Object {
++    [DBus (name = "getDefaultZone")]
++    public abstract string get_default_zone () throws IOError;
++    public signal void default_zone_changed (string new_default);
++}
++
++[DBus (name = "org.fedoraproject.FirewallD1.config")]
++public interface SecurityPrivacy.FirewalldConfig : Object {
++    [DBus (name = "getZoneByName")]
++    public abstract ObjectPath get_zone_by_name (string zone) throws IOError;
++}
++
++[DBus (name = "org.fedoraproject.FirewallD1.config.zone")]
++public interface SecurityPrivacy.FirewalldZone : Object {
++    [DBus (name = "getPorts")]
++    public abstract SecurityPrivacy.Port[] get_ports () throws IOError;
++    [DBus (name = "removePort")]
++    public abstract void remove_port (string port, string protocol) throws IOError;
++    [DBus (name = "addPort")]
++    public abstract void add_port (string port, string protocol) throws IOError;
++}
++
++public struct SecurityPrivacy.Port {
++    public string port;
++    public string protocol;
++}
 === modified file 'src/Plug.vala'
 --- src/Plug.vala	2016-11-02 00:52:31 +0000
 +++ src/Plug.vala	2016-12-31 02:17:48 +0000
@@ -22,7 +22,6 @@
  namespace SecurityPrivacy {
      public static Plug plug;
--    public static Gtk.LockButton lock_button;
      public static Blacklist blacklist;
      public class Plug : Switchboard.Plug {
@@ -63,40 +62,6 @@
              stack = new Gtk.Stack ();
              stack.expand = true;
--            try {
--                var permission = new Polkit.Permission.sync ("org.pantheon.security-privacy", Polkit.UnixProcess.new (Posix.getpid ()));
--                var infobar = new Gtk.InfoBar ();
--                infobar.message_type = Gtk.MessageType.INFO;
--                lock_button = new Gtk.LockButton (permission);
--                var area = infobar.get_action_area () as Gtk.Container;
--                var content = infobar.get_content_area () as Gtk.Container;
--                var label = new Gtk.Label (_("Some settings require administrator rights to be changed"));
--                area.add (lock_button);
--                content.add (label);
--                main_grid.attach (infobar, 0, 0, 1, 1);
--                infobar.no_show_all = true;
--                stack.notify["visible-child-name"].connect (() => {
--                    if (permission.allowed == false && stack.visible_child_name == "firewall") {
--                        infobar.no_show_all = false;
--                        infobar.show_all ();
--                    } else {
--                        infobar.no_show_all = true;
--                        infobar.hide ();
--                    }
--                });
--                permission.notify["allowed"].connect (() => {
--                    if (permission.allowed == false && stack.visible_child_name == "firewall") {
--                        infobar.no_show_all = false;
--                        infobar.show_all ();
--                    } else {
--                        infobar.no_show_all = true;
--                        infobar.hide ();
--                    }
--                });
--            } catch (Error e) {
--                critical (e.message);
--            }
--
              var stack_switcher = new Gtk.StackSwitcher ();
              stack_switcher.set_stack (stack);
              stack_switcher.halign = Gtk.Align.CENTER;
 === removed file 'src/UFWHelpers.vala'
 --- src/UFWHelpers.vala	2014-04-24 16:28:52 +0000
 +++ src/UFWHelpers.vala	1970-01-01 00:00:00 +0000
@@ -1,198 +0,0 @@
--// -*- Mode: vala; indent-tabs-mode: nil; tab-width: 4 -*-
--/*-
-- * Copyright (c) 2014 Security & Privacy Plug (http://launchpad.net/your-project)
-- *
-- * This library is free software; you can redistribute it and/or
-- * modify it under the terms of the GNU Library General Public
-- * License as published by the Free Software Foundation; either
-- * version 3 of the License, or (at your option) any later version.
-- *
-- * This library is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-- * Library General Public License for more details.
-- *
-- * You should have received a copy of the GNU Library General Public
-- * License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-- * Boston, MA 02111-1307, USA.
-- *
-- * Authored by: Corentin Noël <tintou@mailoo.org>
-- */
--
--#if TRANSLATION
--    _("Authentication is required to run the Firewall Configuration")
--#endif
--
--namespace SecurityPrivacy.UFWHelpers {
--
--    private string get_helper_path () {
--        return "%s/security-privacy-plug-helper".printf (Build.PKGDATADIR);
--    }
--
--    public bool get_status () {
--        try {
--            string standard_output;
--            Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output);
--            return (standard_output.contains ("inactive") == false);
--        } catch (Error e) {
--            warning (e.message);
--            return false;
--        }
--    }
--
--    public void set_status (bool status) {
--        try {
--            if (status == true)
--                Process.spawn_command_line_sync ("pkexec %s -2".printf (get_helper_path ()));
--            else
--                Process.spawn_command_line_sync ("pkexec %s -3".printf (get_helper_path ()));
--        } catch (Error e) {
--            warning (e.message);
--        }
--    }
--
--    public Gee.LinkedList<Rule> get_rules () {
--        var rules = new Gee.LinkedList<Rule> ();
--        try {
--            string standard_output;
--            Process.spawn_command_line_sync ("pkexec %s -4".printf (get_helper_path ()), out standard_output);
--            var lines = standard_output.split("\n");
--            foreach (var line in lines) {
--                if ("ALLOW" in line || "DENY" in line || "LIMIT" in line || "REJECT" in line) {
--                    var rule = new Rule.from_line (line);
--                    rules.add (rule);
--                }
--            }
--        } catch (Error e) {
--            warning (e.message);
--        }
--        return rules;
--    }
--
--    public void remove_rule (Rule rule) {
--        try {
--            Process.spawn_command_line_sync ("pkexec %s -6 \"%d\"".printf (get_helper_path (), rule.number));
--        } catch (Error e) {
--            warning (e.message);
--        }
--    }
--
--    public void add_rule (Rule rule) {
--        string rule_str = "";
--        try {
--            switch (rule.action) {
--                case Rule.Action.DENY:
--                    rule_str = "deny";
--                    break;
--                case Rule.Action.REJECT:
--                    rule_str = "reject";
--                    break;
--                case Rule.Action.LIMIT:
--                    rule_str = "limit";
--                    break;
--                default:
--                    rule_str = "allow";
--                    break;
--            }
--
--            switch (rule.direction) {
--                case Rule.Direction.OUT:
--                    rule_str = "%s out".printf (rule_str);
--                    break;
--                default:
--                    rule_str = "%s in".printf (rule_str);
--                    break;
--            }
--
--            switch (rule.protocol) {
--                case Rule.Protocol.UDP:
--                    rule_str = "%s %s/udp".printf (rule_str, rule.ports);
--                    break;
--                default:
--                    rule_str = "%s %s/tcp".printf (rule_str, rule.ports);
--                    break;
--            }
--
--            Process.spawn_command_line_sync ("pkexec %s -5 \"%s\"".printf (get_helper_path (), rule_str));
--        } catch (Error e) {
--            warning (e.message);
--        }
--    }
--
--    public class Rule : GLib.Object {
--        public enum Action {
--            ALLOW,
--            DENY,
--            REJECT,
--            LIMIT
--        }
--
--        public enum Protocol {
--            UDP,
--            TCP
--        }
--
--        public enum Direction {
--            IN,
--            OUT
--        }
--
--        public Action action;
--        public Protocol protocol;
--        public Direction direction;
--        public string ports;
--        public bool is_v6 = false;
--        public int number;
--
--        public Rule () {
--
--        }
--
--        public Rule.from_line (string line) {
--            if (line.contains ("(v6)"))
--                is_v6 = true;
--            var first = line.replace ("(v6)", "").split ("] ");
--            number = int.parse (first[0].replace ("[", ""));
--            var second = first[1];
--            var third = second.split ("/");
--            ports = third[0];
--            string current = "";
--            int position = 0;
--            foreach (var car in third[1].data) {
--                if (car == ' ') {
--                    if (current == "") {
--                        continue;
--                    }
--
--                    if (position == 0) {
--                        if ("udp" in current)
--                            protocol = Protocol.UDP;
--                        else if ("tcp" in current)
--                            protocol = Protocol.TCP;
--                    } else if (position == 1) {
--                        if ("ALLOW" in current)
--                            action = Action.ALLOW;
--                        else if ("DENY" in current)
--                            action = Action.DENY;
--                        else if ("REJECT" in current)
--                            action = Action.REJECT;
--                        else if ("LIMIT" in current)
--                            action = Action.LIMIT;
--                    } else if (position == 2) {
--                        if ("IN" in current)
--                            direction = Direction.IN;
--                        else if ("OUT" in current)
--                            direction = Direction.OUT;
--                        break;
--                    }
--
--                    current = "";
--                    position++;
--                    continue;
--                }
--                current = "%s%c".printf (current, car);
--            }
--        }
--    }
--}
 \ No newline at end of file