コード例 #1
0
ipcopAdvancedDialog::ipcopAdvancedDialog(QWidget *parent,FWObject *o)
    : QDialog(parent)
{
    m_dialog = new Ui::ipcopAdvancedDialog_q;
    m_dialog->setupUi(this);

    obj=o;
    QStringList slm;

    /*
     * Set dialog title dynamically to reflect description set in the
     * platform resource file. This is useful because the same dialog
     * is used for ipcop, endian and oneshield platforms.
     */
    string platform = obj->getStr("platform");
    string description = Resources::platform_res[platform]->
        getResourceStr("/FWBuilderResources/Target/description");
    setWindowTitle(QObject::tr("%1 advanced settings").arg(description.c_str()));

    FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
    assert(fwoptions!=NULL);

    Management *mgmt=(Firewall::cast(obj))->getManagementObject();
    assert(mgmt!=NULL);

    /*
    fwoptions->setStr("firewall_dir", "/etc/rc.d/");
    fwoptions->setStr("admUser", "admin");
    fwoptions->setStr("activationCmd", "/etc/rc.d/rc.firewall");
    fwoptions->setStr("output_file", "rc.firewall.local");
    */

    //QString s = fwoptions->getStr("ipv4_6_order")
    data.registerOption(m_dialog->ipv4before, fwoptions, "ipv4_6_order",
                        QStringList() <<  tr("IPv4 before IPv6")
                        <<"ipv4_first" << tr("IPv6 before IPv4") << "ipv6_first");

    data.registerOption(m_dialog->logTCPseq, fwoptions, "log_tcp_seq");
    data.registerOption(m_dialog->logTCPopt, fwoptions, "log_tcp_opt");
    data.registerOption(m_dialog->logIPopt, fwoptions, "log_ip_opt");
    data.registerOption(m_dialog->logNumsyslog, fwoptions,
                        "use_numeric_log_levels");

    slm = getLogLevels( platform.c_str());
    m_dialog->logLevel->clear();
    m_dialog->logLevel->addItems( getScreenNames(slm));
    data.registerOption(m_dialog-> logLevel, fwoptions, "log_level", slm);

    data.registerOption(m_dialog->useULOG, fwoptions, "use_ULOG");
    data.registerOption(m_dialog->cprange, fwoptions, "ulog_cprange");
    data.registerOption(m_dialog->qthreshold, fwoptions, "ulog_qthreshold");
    data.registerOption(m_dialog->nlgroup, fwoptions, "ulog_nlgroup");
    data.registerOption(m_dialog->logprefix, fwoptions, "log_prefix");

    slm=getLimitSuffixes( platform.c_str());
    m_dialog->logLimitSuffix->clear();
    m_dialog->logLimitSuffix->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> logLimitSuffix, fwoptions,
                        "limit_suffix", slm);

    data.registerOption(m_dialog->logLimitVal, fwoptions, "limit_value");
    data.registerOption(m_dialog->logAll, fwoptions, "log_all");
    data.registerOption(m_dialog->compiler, fwoptions, "compiler");
    data.registerOption(m_dialog->compilerArgs, fwoptions, "cmdline");
    data.registerOption(m_dialog->outputFileName, fwoptions, "output_file");
    data.registerOption(m_dialog->assumeFwIsPartOfAny,
                        fwoptions, "firewall_is_part_of_any_and_networks");
    data.registerOption(m_dialog->acceptSessions,
                        fwoptions, "accept_new_tcp_with_no_syn");
    data.registerOption(m_dialog->bridge, fwoptions, "bridging_fw");
    data.registerOption(m_dialog->shadowing, fwoptions, "check_shading");
    data.registerOption(m_dialog->emptyGroups, fwoptions,
                        "ignore_empty_groups");
    data.registerOption(m_dialog->localNAT, fwoptions, "local_nat");
    slm=getActionsOnReject( platform.c_str());
    m_dialog->actionOnReject->clear();
    m_dialog->actionOnReject->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> actionOnReject,
                         fwoptions,"action_on_reject", slm);

    data.registerOption(m_dialog->mgmt_ssh, fwoptions, "mgmt_ssh");
    data.registerOption(m_dialog->mgmt_addr, fwoptions, "mgmt_addr");
    data.registerOption(m_dialog->iptDebug, fwoptions, "debug");
    data.registerOption(m_dialog->verifyInterfaces, fwoptions, "verify_interfaces");
    data.registerOption(m_dialog->ipt_fw_dir, fwoptions, "firewall_dir");
    data.registerOption(m_dialog->ipt_user, fwoptions, "admUser");
    data.registerOption(m_dialog->altAddress, fwoptions, "altAddress");
    data.registerOption(m_dialog->sshArgs, fwoptions, "sshArgs");
    data.registerOption( m_dialog->scpArgs, fwoptions, "scpArgs");
    data.registerOption(m_dialog->activationCmd, fwoptions, "activationCmd");

    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

    m_dialog->installScript->setText(     pis->getCommand().c_str());
    m_dialog->installScriptArgs->setText( pis->getArguments().c_str());


    /* page "Prolog/Epilog" */

    data.registerOption(m_dialog->prolog_script, fwoptions, "prolog_script");
    data.registerOption(m_dialog->epilog_script, fwoptions, "epilog_script");

    data.loadAll();
    switchLOG_ULOG();

    m_dialog->tabWidget->setCurrentIndex(0);
}
コード例 #2
0
bool FirewallInstallerUnx::packInstallJobsList(Firewall* fw)
{
    if (fwbdebug)
    {
        qDebug() << "FirewallInstallerUnx::packInstallJobList";
        qDebug() << "cnf->user="******"Installation plan:\n"));

    Management *mgmt = cnf->fwobj->getManagementObject();
    assert(mgmt!=NULL);
    PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
    if (pis->getCommand()!="")
    {
        QString cmd = pis->getCommand().c_str();
        QString args = pis->getArguments().c_str();
        job_list.push_back(
            instJob(RUN_EXTERNAL_SCRIPT, cmd, args));
        inst_dlg->addToLog(QString("Run script %1 %2\n").arg(cmd).arg(args));
        return true;
    }

/* read manifest from the conf file */

    if (fwbdebug)
        qDebug("FirewallInstaller::packInstallJobsList read manifest from %s",
       #if QT_VERSION < QT_VERSION_CHECK(5, 0, 0)
               cnf->script.toAscii().constData());
       #else
               cnf->script.toLatin1().constData());
       #endif

/*
 * Note that if output file is specified in firewall settings dialog,
 * it can be an absolute path. In this case compiler puts additional
 * generated files (if any) in the same directory. The manifest in the
 * .fw file does not specify directory path so that the .fw file and
 * all additional files can be moved together someplace else. We take
 * dir path from the .fw file and if it is not empty, assume that all
 * other files are located there as well.
 */
    // compilers always write file names into manifest in Utf8
#if QT_VERSION < QT_VERSION_CHECK(5, 0, 0)
    QTextCodec::setCodecForCStrings(QTextCodec::codecForName("Utf8"));
#endif
    QTextCodec::setCodecForLocale(QTextCodec::codecForName("Utf8"));

    //key: local_file_name  val: remote_file_name
    QMap<QString,QString> all_files;

    // readManifest() modifies cnf !
    if (readManifest(cnf->script, &all_files))
    {
        QMap<QString, QString>::iterator it;
        for (it=all_files.begin(); it!=all_files.end(); ++it)
        {
            QString local_name = it.key();
            QString remote_name = it.value();

            job_list.push_back(instJob(COPY_FILE, local_name, remote_name));
            inst_dlg->addToLog(QString("Copy file: %1 --> %2\n")
                               .arg(local_name)
#if QT_VERSION < QT_VERSION_CHECK(5, 0, 0)
                                .arg(remote_name).toAscii().constData());
#else
                                .arg(remote_name).toLatin1().constData());
#endif
        }
コード例 #3
0
iptAdvancedDialog::iptAdvancedDialog(QWidget *parent,FWObject *o)
    : QDialog(parent)
{
    m_dialog = new Ui::iptAdvancedDialog_q;
    m_dialog->setupUi(this);

    obj=o;
    QStringList slm;

    string platform = obj->getStr("platform");
    string description = Resources::platform_res[platform]->
        getResourceStr("/FWBuilderResources/Target/description");
    setWindowTitle(QObject::tr("%1 advanced settings").arg(description.c_str()));

    FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
    assert(fwoptions!=NULL);

    Management *mgmt=(Firewall::cast(obj))->getManagementObject();
    assert(mgmt!=NULL);

    if (fwbdebug)
        qDebug("%s",Resources::getTargetOptionStr(
                   obj->getStr("host_OS"),"user_can_change_install_dir").c_str());

    //QString s = fwoptions->getStr("ipv4_6_order")
    data.registerOption(m_dialog->ipv4before, fwoptions, "ipv4_6_order",
                        QStringList() << tr("IPv4 before IPv6")
                        <<"ipv4_first" << tr("IPv6 before IPv4") << "ipv6_first");

    data.registerOption(m_dialog->logTCPseq, fwoptions, "log_tcp_seq");
    data.registerOption(m_dialog->logTCPopt, fwoptions, "log_tcp_opt");
    data.registerOption(m_dialog->logIPopt, fwoptions, "log_ip_opt");
    data.registerOption(m_dialog->logNumsyslog, fwoptions,
                        "use_numeric_log_levels");

    slm = getLogLevels( obj->getStr("platform").c_str());
    m_dialog->logLevel->clear();
    m_dialog->logLevel->addItems( getScreenNames(slm));
    data.registerOption(m_dialog-> logLevel, fwoptions, "log_level", slm);

    data.registerOption(m_dialog->useULOG, fwoptions, "use_ULOG");
    data.registerOption(m_dialog->cprange, fwoptions, "ulog_cprange");
    data.registerOption(m_dialog->qthreshold, fwoptions, "ulog_qthreshold");
    data.registerOption(m_dialog->nlgroup, fwoptions, "ulog_nlgroup");
    data.registerOption(m_dialog->logprefix, fwoptions, "log_prefix");

    slm=getLimitSuffixes( obj->getStr("platform").c_str());
    m_dialog->logLimitSuffix->clear();
    m_dialog->logLimitSuffix->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> logLimitSuffix, fwoptions,
                        "limit_suffix", slm);

    data.registerOption(m_dialog->logLimitVal, fwoptions, "limit_value");
    data.registerOption(m_dialog->logAll, fwoptions, "log_all");
    data.registerOption(m_dialog->compiler, fwoptions, "compiler");
    data.registerOption(m_dialog->compilerArgs, fwoptions, "cmdline");
    data.registerOption(m_dialog->outputFileName, fwoptions, "output_file");
    data.registerOption(m_dialog->fileNameOnFw, fwoptions, "script_name_on_firewall");
    data.registerOption(m_dialog->assumeFwIsPartOfAny,
                        fwoptions, "firewall_is_part_of_any_and_networks");
    data.registerOption(m_dialog->acceptSessions,
                        fwoptions, "accept_new_tcp_with_no_syn");
    data.registerOption(m_dialog->dropInvalid, fwoptions, "drop_invalid");
    data.registerOption(m_dialog->logInvalid, fwoptions, "log_invalid");
    data.registerOption(m_dialog->acceptESTBeforeFirst, fwoptions,
                        "accept_established");
    data.registerOption(m_dialog->bridge, fwoptions, "bridging_fw");
    data.registerOption(m_dialog->shadowing, fwoptions, "check_shading");
    data.registerOption(m_dialog->emptyGroups, fwoptions,
                        "ignore_empty_groups");
    data.registerOption(m_dialog->localNAT, fwoptions, "local_nat");
    data.registerOption(m_dialog->clampMSStoMTU, fwoptions, "clamp_mss_to_mtu");
    data.registerOption(m_dialog->ipv6NeighborDiscovery,
                        fwoptions, "add_rules_for_ipv6_neighbor_discovery");

    slm = getActionsOnReject( obj->getStr("platform").c_str());
    m_dialog->actionOnReject->clear();
    m_dialog->actionOnReject->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> actionOnReject,
                         fwoptions,"action_on_reject", slm);

    data.registerOption(m_dialog->useModuleSet, fwoptions, "use_m_set");

    data.registerOption(m_dialog->mgmt_ssh, fwoptions, "mgmt_ssh");
    data.registerOption(m_dialog->mgmt_addr, fwoptions, "mgmt_addr");
    data.registerOption(m_dialog->add_mgmt_ssh_rule_when_stoped,
                        fwoptions, "add_mgmt_ssh_rule_when_stoped");
    data.registerOption(m_dialog->addVirtualsforNAT,
                        fwoptions, "manage_virtual_addr");

    data.registerOption(m_dialog->configureInterfaces,
                        fwoptions, "configure_interfaces");
    data.registerOption(m_dialog->clearUnknownInterfaces,
                        fwoptions, "clear_unknown_interfaces");
    data.registerOption(m_dialog->configure_vlan_interfaces,
                        fwoptions, "configure_vlan_interfaces");
    data.registerOption(m_dialog->configure_bridge_interfaces,
                        fwoptions, "configure_bridge_interfaces");
    data.registerOption(m_dialog->configure_bonding_interfaces,
                        fwoptions, "configure_bonding_interfaces");

    data.registerOption(m_dialog->iptDebug, fwoptions, "debug");
    data.registerOption(m_dialog->verifyInterfaces, fwoptions, "verify_interfaces");
    data.registerOption(m_dialog->loadModules, fwoptions, "load_modules");
    data.registerOption(m_dialog->iptablesRestoreActivation,
                        fwoptions, "use_iptables_restore");
    data.registerOption(m_dialog->ipt_fw_dir, fwoptions, "firewall_dir");
    data.registerOption(m_dialog->ipt_user, fwoptions, "admUser");
    data.registerOption(m_dialog->altAddress, fwoptions, "altAddress");
    data.registerOption(m_dialog->sshArgs, fwoptions, "sshArgs");
    data.registerOption( m_dialog->scpArgs, fwoptions, "scpArgs");
    data.registerOption(m_dialog->activationCmd, fwoptions, "activationCmd");

    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

    m_dialog->installScript->setText(     pis->getCommand().c_str());
    m_dialog->installScriptArgs->setText( pis->getArguments().c_str());


    /* page "Prolog/Epilog" */

    data.registerOption(m_dialog->prolog_script, fwoptions,
                        "prolog_script");

    QStringList prologPlaces_ipt;
    prologPlaces_ipt.push_back(QObject::tr("on top of the script"));
    prologPlaces_ipt.push_back("top");
    prologPlaces_ipt.push_back(QObject::tr("after interface configuration"));
    prologPlaces_ipt.push_back("after_interfaces");

    // bug #2820840: can't put prolog "after policy reset" if iptables-restore
    if (!fwoptions->getBool("use_iptables_restore"))
    {
        prologPlaces_ipt.push_back(QObject::tr("after policy reset"));
        prologPlaces_ipt.push_back("after_flush");
    }

    m_dialog->prologPlace->clear();
    m_dialog->prologPlace->addItems(getScreenNames(prologPlaces_ipt));
    data.registerOption(m_dialog-> prologPlace, fwoptions,
                        "prolog_place", prologPlaces_ipt);

    data.registerOption(m_dialog->epilog_script, fwoptions,
                        "epilog_script");

    data.loadAll();
    switchLOG_ULOG();

    if (!Resources::getTargetOptionBool(
            obj->getStr("host_OS"), "user_can_change_install_dir"))
    {
        m_dialog->ipt_fw_dir->setEnabled(false);
        //fwoptions->setStr("firewall_dir", "");
    }

    string version = obj->getStr("version");
    bool can_use_module_set = (XMLTools::version_compare(version, "1.4.1.1") >= 0);
    if (!can_use_module_set)
        m_dialog->useModuleSet->setChecked(false);
    m_dialog->useModuleSet->setEnabled(can_use_module_set);

    m_dialog->tabWidget->setCurrentIndex(0);
}
コード例 #4
0
bool FirewallInstallerProcurve::packInstallJobsList(Firewall*)
{
    if (fwbdebug)
        qDebug("FirewallInstallerProcurve::packInstallJobList  script=%s",
               cnf->script.toLatin1().constData());
    job_list.clear();

    Management *mgmt = cnf->fwobj->getManagementObject();
    assert(mgmt!=nullptr);
    PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
    if (pis->getCommand()!="")
    {
        QString cmd = pis->getCommand().c_str();
        QString args = pis->getArguments().c_str();
        job_list.push_back(
            instJob(RUN_EXTERNAL_SCRIPT, cmd, args));
        inst_dlg->addToLog(QString("Run script %1 %2\n").arg(cmd).arg(args));
        return true;
    }

    // Load configuration file early so we can abort installation if
    // it is not accessible

    QString ff;
    QFileInfo script_info(cnf->script);
    if (script_info.isAbsolute()) ff = cnf->script;
    else ff = cnf->wdir + "/" + cnf->script;

    QFile data(ff);
    if (data.open(QFile::ReadOnly))
    {
        QTextStream strm(&data);
        QString line;
        do
        {
            line = strm.readLine();
            config_lines.push_back(line.trimmed());
        } while (!strm.atEnd());
    } else
    {
        QMessageBox::critical(
            inst_dlg, "Firewall Builder",
            tr("Can not read generated script %1").arg(ff),
            tr("&Continue"), QString::null,QString::null,
            0, 1 );
        return false;
    }

#ifdef SCP_SUPPORT_FOR_PROCURVE

    if (cnf->useSCPForRouter)
    {
        QMap<QString,QString> all_files;

        // readManifest() modifies cnf (assigns cnf->remote_script) !
        if (readManifest(cnf->script, &all_files))
        {
            QMap<QString, QString>::iterator it;
            for (it=all_files.begin(); it!=all_files.end(); ++it)
            {
                QString local_name = it.key();
                QString remote_name = it.value();
                job_list.push_back(instJob(COPY_FILE, local_name, remote_name));
            }
        }

        QString cmd = getActivationCmd();
        job_list.push_back(instJob(ACTIVATE_POLICY, cmd, ""));
    } else
    {
        job_list.push_back(instJob(ACTIVATE_POLICY, cnf->script, ""));
    }

#endif

    job_list.push_back(instJob(ACTIVATE_POLICY, cnf->script, ""));

    return true;
}
コード例 #5
0
pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
    : QDialog(parent)
{
    m_dialog = new Ui::pfAdvancedDialog_q;
    m_dialog->setupUi(this);
    obj=o;
    QStringList slm;

    string version = obj->getStr("version");

    FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
    assert(fwopt!=nullptr);

    Management *mgmt=(Firewall::cast(obj))->getManagementObject();
    assert(mgmt!=nullptr);

    if (fwbdebug)
        qDebug("%s", Resources::getTargetOptionStr(
                   obj->getStr("host_OS"),"user_can_change_install_dir").c_str());

    if (!Resources::getTargetOptionBool(
            obj->getStr("host_OS"),"user_can_change_install_dir"))
    {
        m_dialog->pf_fw_dir->setEnabled(false);
        fwopt->setStr("firewall_dir","");
    }

    // see #1888: we now support rc.conf format for the output
    // Set variables for backwards compatibility for users who configured
    // custom name for the output .fw script before.

    if (!fwopt->getBool("generate_shell_script") &&
        !fwopt->getBool("generate_rc_conf_file"))
    {
        fwopt->setBool("generate_shell_script", true);
    }

    if (!Resources::getTargetOptionBool(obj->getStr("host_OS"),
                                        "rc_conf_format_supported"))
    {
        fwopt->setBool("generate_shell_script", true);
        fwopt->setBool("generate_rc_conf_file", false);
    }

    m_dialog->generateShellScript->setEnabled(
        Resources::getTargetOptionBool(obj->getStr("host_OS"),
                                       "rc_conf_format_supported"));
    m_dialog->generateRcConfFile->setEnabled(
        Resources::getTargetOptionBool(obj->getStr("host_OS"),
                                       "rc_conf_format_supported"));


    QString init_script_name = QString::fromUtf8(
        fwopt->getStr("output_file").c_str()).trimmed();
    QString conf_file_name = QString::fromUtf8(
        fwopt->getStr("conf1_file").c_str()).trimmed();

    if (!init_script_name.isEmpty() && conf_file_name.isEmpty())
    {
        conf_file_name =
            fwcompiler::CompilerDriver::getConfFileNameFromFwFileName(
                init_script_name, ".conf");
        fwopt->setStr("conf1_file", conf_file_name.toUtf8().constData());
    }

    data.registerOption(m_dialog->ipv4before, fwopt,
                        "ipv4_6_order",
                        QStringList() <<  tr("IPv4 before IPv6")
                        <<"ipv4_first"
                        << tr("IPv6 before IPv4")
                        << "ipv6_first");

    data.registerOption( m_dialog->pf_log_prefix,fwopt, "log_prefix");
    data.registerOption( m_dialog->pf_fallback_log,fwopt, "fallback_log");
    data.registerOption( m_dialog->pf_do_timeout_interval, fwopt,
                         "pf_do_timeout_interval");
    data.registerOption( m_dialog->pf_timeout_interval, fwopt,
                         "pf_timeout_interval");
    data.registerOption( m_dialog->pf_do_timeout_frag,fwopt, "pf_do_timeout_frag");
    data.registerOption( m_dialog->pf_timeout_frag,fwopt, "pf_timeout_frag");
    data.registerOption( m_dialog->pf_do_limit_frags,fwopt, "pf_do_limit_frags");
    data.registerOption( m_dialog->pf_limit_frags,fwopt, "pf_limit_frags");
    data.registerOption( m_dialog->pf_do_limit_states,fwopt, "pf_do_limit_states");
    data.registerOption( m_dialog->pf_limit_states,fwopt, "pf_limit_states");
    data.registerOption( m_dialog->pf_do_limit_src_nodes,fwopt,
                         "pf_do_limit_src_nodes");
    data.registerOption( m_dialog->pf_limit_src_nodes, fwopt, "pf_limit_src_nodes");
    data.registerOption( m_dialog->pf_do_limit_tables, fwopt, "pf_do_limit_tables");
    data.registerOption( m_dialog->pf_limit_tables,fwopt, "pf_limit_tables");
    data.registerOption( m_dialog->pf_do_limit_table_entries,fwopt,
                         "pf_do_limit_table_entries");
    data.registerOption( m_dialog->pf_limit_table_entries,fwopt,"pf_limit_table_entries");

// Prepare mapping for pf_optimization:
    slm.clear();
    slm.push_back("");
    slm.push_back("");
    slm.push_back(QObject::tr("Aggressive"));
    slm.push_back("aggressive");
    slm.push_back(QObject::tr("Conservative"));
    slm.push_back("conservative");
    slm.push_back(QObject::tr("For high latency"));
    slm.push_back("high-latency");
    slm.push_back(QObject::tr("Normal"));
    slm.push_back("normal");
    m_dialog->pf_optimization->clear();
    m_dialog->pf_optimization->addItems(getScreenNames(slm));
    data.registerOption( m_dialog->pf_optimization, fwopt, "pf_optimization", slm);

// Prepare state_policy combo box
    slm.clear();
    slm.push_back("");
    slm.push_back("");
    slm.push_back(QObject::tr("Bound to interfaces"));
    slm.push_back("if-bound");
    slm.push_back(QObject::tr("Floating"));
    slm.push_back("floating");
    m_dialog->pf_state_policy->clear();
    m_dialog->pf_state_policy->addItems(getScreenNames(slm));
    data.registerOption( m_dialog->pf_state_policy, fwopt, "pf_state_policy", slm);
    m_dialog->pf_state_policy->setEnabled(
        XMLTools::version_compare(version, "3.5") >= 0);

// Prepare block_policy combo box
    slm.clear();
    slm.push_back("");
    slm.push_back("");
    slm.push_back(QObject::tr("Drop"));
    slm.push_back("drop");
    slm.push_back(QObject::tr("Return"));
    slm.push_back("return");
    m_dialog->pf_block_policy->clear();
    m_dialog->pf_block_policy->addItems(getScreenNames(slm));
    data.registerOption( m_dialog->pf_block_policy, fwopt, "pf_block_policy", slm);
    m_dialog->pf_block_policy->setEnabled(
        XMLTools::version_compare(version, "3.5") >= 0);

// set debug combo box
    slm.clear();
    slm.push_back("");
    slm.push_back("");
    slm.push_back("emerg");
    slm.push_back("emerg");
    slm.push_back("alert");
    slm.push_back("alert");
    slm.push_back("crit");
    slm.push_back("crit");
    slm.push_back("err");
    slm.push_back("err");
    slm.push_back("warning");
    slm.push_back("warning");
    slm.push_back("notice");
    slm.push_back("notice");
    slm.push_back("info");
    slm.push_back("info");
    slm.push_back("debug");
    slm.push_back("debug");

    m_dialog->pf_set_debug->clear();
    m_dialog->pf_set_debug->addItems(getScreenNames(slm));
    data.registerOption( m_dialog->pf_set_debug, fwopt, "pf_set_debug", slm);
    m_dialog->pf_set_debug->setEnabled(
        XMLTools::version_compare(version, "3.5") >= 0);



    data.registerOption( m_dialog->pf_check_shadowing,fwopt, "check_shading");
    data.registerOption( m_dialog->pf_preserve_group_names, fwopt,
                         "preserve_group_names");
    data.registerOption( m_dialog->pf_ignore_empty_groups,fwopt,
                         "ignore_empty_groups");
//    data.registerOption( pf_use_tables, fwopt, "use_tables");
    data.registerOption( m_dialog->pf_accept_new_tcp_with_no_syn,fwopt, "accept_new_tcp_with_no_syn");
    data.registerOption( m_dialog->pf_modulate_state,fwopt, "pf_modulate_state");

    data.registerOption( m_dialog->pf_scrub_random_id,fwopt, "pf_scrub_random_id");
    data.registerOption( m_dialog->pf_do_scrub,fwopt, "pf_do_scrub");

// radio buttons

    // the following pf_scrub options are available in PF <= 4.5
    data.registerOption( m_dialog->pf_scrub_reassemble, fwopt,
                         "pf_scrub_reassemble");
    data.registerOption( m_dialog->pf_scrub_fragm_crop, fwopt,
                         "pf_scrub_fragm_crop");
    data.registerOption( m_dialog->pf_scrub_fragm_drop_ovl, fwopt,
                         "pf_scrub_fragm_drop_ovl");
    // pf_scrub_reassemble_tcp is available in all versions
    data.registerOption( m_dialog->pf_scrub_reassemble_tcp, fwopt,
                         "pf_scrub_reassemble_tcp");

    data.registerOption( m_dialog->pf_scrub_use_minttl, fwopt,
                         "pf_scrub_use_minttl");
    data.registerOption( m_dialog->pf_scrub_use_maxmss, fwopt,
                         "pf_scrub_use_maxmss");
    data.registerOption( m_dialog->pf_scrub_maxmss,fwopt, "pf_scrub_maxmss");
    data.registerOption( m_dialog->pf_scrub_minttl,fwopt, "pf_scrub_minttl");
    data.registerOption( m_dialog->pf_scrub_no_df,fwopt, "pf_scrub_no_df");
    data.registerOption( m_dialog->pf_fw_dir,fwopt, "firewall_dir");
    data.registerOption( m_dialog->pf_user,fwopt, "admUser");
    data.registerOption( m_dialog->altAddress,fwopt, "altAddress");
    data.registerOption( m_dialog->sshArgs, fwopt, "sshArgs");
    data.registerOption( m_dialog->scpArgs, fwopt, "scpArgs");
    data.registerOption( m_dialog->activationCmd, fwopt, "activationCmd");

    data.registerOption( m_dialog->pf_manage_virtual_addr, fwopt,
                         "manage_virtual_addr");
    data.registerOption( m_dialog->pf_configure_interfaces, fwopt,
                         "configure_interfaces");
    data.registerOption( m_dialog->pf_configure_carp_interfaces, fwopt,
                         "configure_carp_interfaces");
    data.registerOption( m_dialog->pf_configure_pfsync_interfaces, fwopt,
                         "configure_pfsync_interfaces");
    data.registerOption( m_dialog->pf_configure_vlan_interfaces, fwopt,
                         "configure_vlan_interfaces");
    data.registerOption( m_dialog->pf_configure_bridge_interfaces, fwopt,
                         "configure_bridge_interfaces");

    data.registerOption( m_dialog->pf_debug,fwopt, "debug");
    data.registerOption( m_dialog->pf_flush_states, fwopt, "pf_flush_states");

    data.registerOption( m_dialog->compiler,fwopt, "compiler");
    data.registerOption( m_dialog->compilerArgs,fwopt, "cmdline");

    data.registerOption( m_dialog->generateShellScript, fwopt,
                         "generate_shell_script");
    data.registerOption( m_dialog->generateRcConfFile, fwopt,
                         "generate_rc_conf_file");

    data.registerOption( m_dialog->outputFileName, fwopt, "output_file");
    data.registerOption( m_dialog->confFileName, fwopt, "conf1_file");

    data.registerOption( m_dialog->fileNameOnFw, fwopt,
                         "script_name_on_firewall");
    data.registerOption( m_dialog->confFileNameOnFw, fwopt,
                         "conf_file_name_on_firewall");

    data.registerOption( m_dialog->mgmt_ssh,fwopt, "mgmt_ssh");
    data.registerOption( m_dialog->mgmt_addr,fwopt, "mgmt_addr");

    data.registerOption( m_dialog->pf_set_tcp_first, fwopt, "pf_set_tcp_first");
    data.registerOption( m_dialog->pf_tcp_first, fwopt, "pf_tcp_first");
    data.registerOption( m_dialog->pf_set_tcp_opening, fwopt,
                         "pf_set_tcp_opening");
    data.registerOption( m_dialog->pf_tcp_opening, fwopt, "pf_tcp_opening");
    data.registerOption( m_dialog->pf_set_tcp_established, fwopt,
                         "pf_set_tcp_established");
    data.registerOption( m_dialog->pf_tcp_established, fwopt,
                         "pf_tcp_established");
    data.registerOption( m_dialog->pf_set_tcp_closing, fwopt,
                         "pf_set_tcp_closing");
    data.registerOption( m_dialog->pf_tcp_closing, fwopt, "pf_tcp_closing");
    data.registerOption( m_dialog->pf_set_tcp_finwait, fwopt,
                         "pf_set_tcp_finwait");
    data.registerOption( m_dialog->pf_tcp_finwait, fwopt,
                         "pf_tcp_finwait");
    data.registerOption( m_dialog->pf_set_tcp_closed, fwopt,
                         "pf_set_tcp_closed");
    data.registerOption( m_dialog->pf_tcp_closed, fwopt,
                         "pf_tcp_closed");
    data.registerOption( m_dialog->pf_set_udp_first, fwopt,
                         "pf_set_udp_first");
    data.registerOption( m_dialog->pf_udp_first, fwopt,
                         "pf_udp_first");
    data.registerOption( m_dialog->pf_set_udp_single, fwopt,
                         "pf_set_udp_single");
    data.registerOption( m_dialog->pf_udp_single, fwopt, "pf_udp_single");
    data.registerOption( m_dialog->pf_set_udp_multiple, fwopt,
                         "pf_set_udp_multiple");
    data.registerOption( m_dialog->pf_udp_multiple, fwopt, "pf_udp_multiple");
    data.registerOption( m_dialog->pf_set_icmp_first, fwopt,
                         "pf_set_icmp_first");
    data.registerOption( m_dialog->pf_icmp_first, fwopt, "pf_icmp_first");
    data.registerOption( m_dialog->pf_set_icmp_error, fwopt,
                         "pf_set_icmp_error");
    data.registerOption( m_dialog->pf_icmp_error, fwopt, "pf_icmp_error");
    data.registerOption( m_dialog->pf_set_other_first, fwopt,
                         "pf_set_other_first");
    data.registerOption( m_dialog->pf_other_first, fwopt, "pf_other_first");
    data.registerOption( m_dialog->pf_set_other_single, fwopt,
                         "pf_set_other_single");
    data.registerOption( m_dialog->pf_other_single, fwopt, "pf_other_single");
    data.registerOption( m_dialog->pf_set_other_multiple, fwopt,
                         "pf_set_other_multiple");
    data.registerOption( m_dialog->pf_other_multiple, fwopt,
                         "pf_other_multiple");

    data.registerOption( m_dialog->pf_set_adaptive, fwopt,
                         "pf_set_adaptive");
    data.registerOption( m_dialog->pf_adaptive_start, fwopt,
                         "pf_adaptive_start");
    data.registerOption( m_dialog->pf_adaptive_end, fwopt,
                         "pf_adaptive_end");

    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

    m_dialog->installScript->setText(     pis->getCommand().c_str());
    m_dialog->installScriptArgs->setText( pis->getArguments().c_str());

/* page "Prolog/Epilog" */

    QStringList prologPlaces_pf;
    prologPlaces_pf.push_back(QObject::tr("in the activation shell script"));
    prologPlaces_pf.push_back("fw_file");

    prologPlaces_pf.push_back(QObject::tr("in the pf rule file, at the very top"));
    prologPlaces_pf.push_back("pf_file_top");

    prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after set comamnds"));
    prologPlaces_pf.push_back("pf_file_after_set");

    prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after scrub comamnds"));
    prologPlaces_pf.push_back("pf_file_after_scrub");

    prologPlaces_pf.push_back(QObject::tr("in the pf rule file, after table definitions"));
    prologPlaces_pf.push_back("pf_file_after_tables");

    m_dialog->prologPlace->clear();
    m_dialog->prologPlace->addItems(getScreenNames(prologPlaces_pf));
    data.registerOption( m_dialog->prologPlace, fwopt, "prolog_place",
                         prologPlaces_pf);

    data.registerOption( m_dialog->prolog_script, fwopt, "prolog_script");
    data.registerOption( m_dialog->epilog_script, fwopt, "epilog_script");



    data.loadAll();

    doScrubToggled();
    ltToggled();

    m_dialog->tabWidget->setCurrentIndex(0);
}
コード例 #6
0
ipfAdvancedDialog::ipfAdvancedDialog(QWidget *parent,FWObject *o)
    : QDialog(parent)
{
    m_dialog = new Ui::ipfAdvancedDialog_q;
    m_dialog->setupUi(this);

    obj=o;
    QStringList slm;

    FWOptions *fwopt=(Firewall::cast(obj))->getOptionsObject();
    assert(fwopt!=NULL);

    Management *mgmt=(Firewall::cast(obj))->getManagementObject();
    assert(mgmt!=NULL);

    if (fwbdebug)
        qDebug("%s",Resources::getTargetOptionStr(
                   obj->getStr("host_OS"),"user_can_change_install_dir").c_str());

    if (!Resources::getTargetOptionBool(
            obj->getStr("host_OS"),"user_can_change_install_dir"))
    {
        m_dialog->ipf_fw_dir->setEnabled(false);
        fwopt->setStr("firewall_dir","");
    }

    m_dialog->tabWidget->setTabEnabled(6,false); //Disable tab
    data.registerOption(m_dialog->ipv4before_2, fwopt, "ipv4_6_order",
                        QStringList() <<  tr("IPv4 before IPv6") <<"ipv4_first" << tr("IPv6 before IPv4") << "ipv6_first");
    data.registerOption( m_dialog->ipf_log_or_block,fwopt, "ipf_log_or_block"    );
    data.registerOption( m_dialog->ipf_log_body,fwopt, "ipf_log_body"        );
    data.registerOption( m_dialog->ipf_check_shadowing,fwopt, "check_shading"       );
    data.registerOption( m_dialog->ipf_eliminate_duplicates,fwopt, "eliminate_duplicates");
    data.registerOption( m_dialog->ipf_accept_new_tcp_with_no_syn,fwopt, "accept_new_tcp_with_no_syn");
    data.registerOption( m_dialog->ipf_ignore_empty_groups,fwopt, "ignore_empty_groups");
    data.registerOption( m_dialog->ipf_return_icmp_as_dest,fwopt, "ipf_return_icmp_as_dest");
    data.registerOption( m_dialog->ipf_nat_raudio_proxy,fwopt, "ipf_nat_raudio_proxy");
    data.registerOption( m_dialog->ipf_nat_h323_proxy,fwopt, "ipf_nat_h323_proxy");
    data.registerOption( m_dialog->ipf_nat_ipsec_proxy,fwopt, "ipf_nat_ipsec_proxy");
    data.registerOption( m_dialog->ipf_nat_pptp_proxy,fwopt, "ipf_nat_pptp_proxy");
    data.registerOption( m_dialog->ipf_nat_irc_proxy,fwopt, "ipf_nat_irc_proxy");
    data.registerOption( m_dialog->ipf_nat_ftp_proxy,fwopt, "ipf_nat_ftp_proxy");
    data.registerOption( m_dialog->ipf_nat_rcmd_proxy,fwopt, "ipf_nat_rcmd_proxy");
    data.registerOption( m_dialog->ipf_nat_krcmd_proxy,fwopt, "ipf_nat_krcmd_proxy");
    data.registerOption( m_dialog->ipf_nat_ekshell_proxy,fwopt, "ipf_nat_ekshell_proxy");
    data.registerOption( m_dialog->ipf_fw_dir,fwopt, "firewall_dir"      );
    data.registerOption( m_dialog->ipf_user,fwopt, "admUser"           );
    data.registerOption( m_dialog->altAddress, fwopt, "altAddress");
    data.registerOption( m_dialog->sshArgs, fwopt, "sshArgs");
    data.registerOption( m_dialog->scpArgs, fwopt, "scpArgs");
    data.registerOption( m_dialog->activationCmd, fwopt, "activationCmd");

    data.registerOption( m_dialog->ipf_manage_virtual_addr,fwopt, "manage_virtual_addr");
    data.registerOption( m_dialog->ipf_configure_interfaces,fwopt, "configure_interfaces");
    data.registerOption( m_dialog->ipf_debug,fwopt, "debug"            );
    data.registerOption( m_dialog->ipf_optimize,fwopt, "optimize"  );
    data.registerOption( m_dialog->ipf_dynAddr,fwopt, "dynAddr"   );

    slm = getLogLevels( obj->getStr("platform").c_str() );
    m_dialog->logLevel->clear();
    m_dialog->logLevel->addItems( getScreenNames( slm ));
    data.registerOption( m_dialog->logLevel, fwopt, "ipf_log_level", slm);

    slm = getLogFacilities( obj->getStr("platform").c_str() );
    m_dialog->logFacility->clear();
    m_dialog->logFacility->addItems( getScreenNames( slm ));
    data.registerOption( m_dialog->logFacility, fwopt, "ipf_log_facility", slm);

    data.registerOption( m_dialog->compiler, fwopt, "compiler" );
    data.registerOption( m_dialog->compilerArgs, fwopt, "cmdline"  );
    data.registerOption( m_dialog->outputFileName, fwopt, "output_file"  );
    data.registerOption( m_dialog->fileNameOnFw, fwopt, "script_name_on_firewall");
    data.registerOption( m_dialog->ipfConfFileNameOnFw, fwopt, "ipf_conf_file_name_on_firewall");
    data.registerOption( m_dialog->natConfFileNameOnFw, fwopt, "nat_conf_file_name_on_firewall");

    slm=getActionsOnReject( obj->getStr("platform").c_str() );
    m_dialog->actionOnReject->clear();
    m_dialog->actionOnReject->addItems(getScreenNames(slm));

    data.registerOption( m_dialog->actionOnReject, fwopt, "action_on_reject",slm);
    data.registerOption( m_dialog->mgmt_ssh, fwopt, "mgmt_ssh"  );
    data.registerOption( m_dialog->mgmt_addr, fwopt, "mgmt_addr" );

    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

    m_dialog->installScript->setText(     pis->getCommand().c_str() );
    m_dialog->installScriptArgs->setText( pis->getArguments().c_str() );

/* page "Prolog/Epilog" */
    data.registerOption( m_dialog->prolog_script, fwopt, "prolog_script"  );

    data.registerOption( m_dialog->epilog_script, fwopt, "epilog_script"  );

    data.loadAll();

    m_dialog->tabWidget->setCurrentIndex(0);
}
コード例 #7
0
secuwallAdvancedDialog::secuwallAdvancedDialog(QWidget *parent, FWObject *o)
    : QDialog(parent)
{
    m_dialog = new Ui::secuwallAdvancedDialog_q;
    m_dialog->setupUi(this);

    obj=o;
    QStringList slm;

    string platform = obj->getStr("platform");
    string description = Resources::platform_res[platform]->
        getResourceStr("/FWBuilderResources/Target/description");
    setWindowTitle(QObject::tr("%1 advanced settings").arg(description.c_str()));

    FWOptions *fwoptions=(Firewall::cast(obj))->getOptionsObject();
    assert(fwoptions!=NULL);

    Management *mgmt=(Firewall::cast(obj))->getManagementObject();
    assert(mgmt!=NULL);

    data.registerOption(m_dialog->logTCPseq, fwoptions, "log_tcp_seq");
    data.registerOption(m_dialog->logTCPopt, fwoptions, "log_tcp_opt");
    data.registerOption(m_dialog->logIPopt, fwoptions, "log_ip_opt");
    data.registerOption(m_dialog->logNumsyslog, fwoptions,
                        "use_numeric_log_levels");

    slm = getLogLevels(obj->getStr("platform").c_str());
    m_dialog->logLevel->clear();
    m_dialog->logLevel->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> logLevel, fwoptions, "log_level", slm);

    data.registerOption(m_dialog->useULOG, fwoptions, "use_ULOG");
    data.registerOption(m_dialog->cprange, fwoptions, "ulog_cprange");
    data.registerOption(m_dialog->qthreshold, fwoptions, "ulog_qthreshold");
    data.registerOption(m_dialog->nlgroup, fwoptions, "ulog_nlgroup");
    data.registerOption(m_dialog->logprefix, fwoptions, "log_prefix");

    slm=getLimitSuffixes(obj->getStr("platform").c_str());
    m_dialog->logLimitSuffix->clear();
    m_dialog->logLimitSuffix->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> logLimitSuffix, fwoptions,
                        "limit_suffix", slm);

    data.registerOption(m_dialog->logLimitVal, fwoptions, "limit_value");
    data.registerOption(m_dialog->logAll, fwoptions, "log_all");
    data.registerOption(m_dialog->compiler, fwoptions, "compiler");
    data.registerOption(m_dialog->compilerArgs, fwoptions, "cmdline");
    data.registerOption(m_dialog->assumeFwIsPartOfAny,
                        fwoptions, "firewall_is_part_of_any_and_networks");
    data.registerOption(m_dialog->acceptSessions,
                        fwoptions, "accept_new_tcp_with_no_syn");
    data.registerOption(m_dialog->dropInvalid, fwoptions, "drop_invalid");
    data.registerOption(m_dialog->logInvalid, fwoptions, "log_invalid");
    data.registerOption(m_dialog->acceptESTBeforeFirst, fwoptions,
                        "accept_established");
    data.registerOption(m_dialog->bridge, fwoptions, "bridging_fw");
    data.registerOption(m_dialog->shadowing, fwoptions, "check_shading");
    data.registerOption(m_dialog->emptyGroups, fwoptions,
                        "ignore_empty_groups");
    data.registerOption(m_dialog->localNAT, fwoptions, "local_nat");
    data.registerOption(m_dialog->clampMSStoMTU, fwoptions, "clamp_mss_to_mtu");

    slm = getActionsOnReject(obj->getStr("platform").c_str());
    m_dialog->actionOnReject->clear();
    m_dialog->actionOnReject->addItems(getScreenNames(slm));
    data.registerOption(m_dialog-> actionOnReject,
                         fwoptions,"action_on_reject", slm);

    data.registerOption(m_dialog->mgmt_ssh, fwoptions, "mgmt_ssh");
    data.registerOption(m_dialog->mgmt_addr, fwoptions, "mgmt_addr");
    data.registerOption(m_dialog->add_mgmt_ssh_rule_when_stoped,
                        fwoptions, "add_mgmt_ssh_rule_when_stoped");
    data.registerOption(m_dialog->addVirtualsforNAT,
                        fwoptions, "manage_virtual_addr");

    data.registerOption(m_dialog->configureInterfaces,
                        fwoptions, "configure_interfaces");

    data.registerOption(m_dialog->iptDebug, fwoptions, "debug");
    data.registerOption(m_dialog->verifyInterfaces, fwoptions, "verify_interfaces");
    data.registerOption(m_dialog->allowReboot, fwoptions, "allow_reboot");
    data.registerOption(m_dialog->iptablesRestoreActivation,
                        fwoptions, "use_iptables_restore");
    data.registerOption(m_dialog->altAddress, fwoptions, "altAddress");
    data.registerOption(m_dialog->sshArgs, fwoptions, "sshArgs");
    data.registerOption(m_dialog->scpArgs, fwoptions, "scpArgs");
    data.registerOption(m_dialog->activationCmd, fwoptions, "activationCmd");

    PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();

    m_dialog->installScript->setText(pis->getCommand().c_str());
    m_dialog->installScriptArgs->setText(pis->getArguments().c_str());

    /* page "Prolog/Epilog" */

    data.registerOption(m_dialog->prolog_script, fwoptions,
                        "prolog_script");

    QStringList prologPlaces_ipt;
    prologPlaces_ipt.push_back(QObject::tr("on top of the script"));
    prologPlaces_ipt.push_back("top");
    prologPlaces_ipt.push_back(QObject::tr("after interface configuration"));
    prologPlaces_ipt.push_back("after_interfaces");

    // bug #2820840: can't put prolog "after policy reset" if iptables-restore
    if (!fwoptions->getBool("use_iptables_restore"))
    {
        prologPlaces_ipt.push_back(QObject::tr("after policy reset"));
        prologPlaces_ipt.push_back("after_flush");
    }

    m_dialog->prologPlace->clear();
    m_dialog->prologPlace->addItems(getScreenNames(prologPlaces_ipt));
    data.registerOption(m_dialog-> prologPlace, fwoptions,
                        "prolog_place", prologPlaces_ipt);

    data.registerOption(m_dialog->epilog_script, fwoptions,
                        "epilog_script");

    data.loadAll();

    /* Now set sane values after loading data */
    /* secuwall supports currently only LOG, not ULOG */
    m_dialog->useLOG->setChecked(true);
    switchLOG_ULOG();
    m_dialog->useULOG->setEnabled(false);

    m_dialog->tabWidget->setCurrentIndex(0);
}
コード例 #8
0
bool FirewallInstallerUnx::packInstallJobsList(Firewall* fw)
{
    if (fwbdebug)
    {
        qDebug() << "FirewallInstallerUnx::packInstallJobList";
        qDebug() << "cnf->user="******"Installation plan:\n"));

    Management *mgmt = cnf->fwobj->getManagementObject();
    assert(mgmt!=NULL);
    PolicyInstallScript *pis = mgmt->getPolicyInstallScript();
    if (pis->getCommand()!="")
    {
        QString cmd = pis->getCommand().c_str();
        QString args = pis->getArguments().c_str();
        job_list.push_back(
            instJob(RUN_EXTERNAL_SCRIPT, cmd, args));
        inst_dlg->addToLog(QString("Run script %1 %2\n").arg(cmd).arg(args));
        return true;
    }

/* read manifest from the conf file */

    if (fwbdebug)
        qDebug("FirewallInstaller::packInstallJobsList read manifest from %s",
               cnf->script.toAscii().constData());

/*
 * Note that if output file is specified in firewall settings dialog,
 * it can be an absolute path. In this case compiler puts additional
 * generated files (if any) in the same directory. The manifest in the
 * .fw file does not specify directory path so that the .fw file and
 * all additional files can be moved together someplace else. We take
 * dir path from the .fw file and if it is not empty, assume that all
 * other files are located there as well.
 */
    // compilers always write file names into manifest in Utf8
    QTextCodec::setCodecForCStrings(QTextCodec::codecForName("Utf8"));
    QTextCodec::setCodecForLocale(QTextCodec::codecForName("Utf8"));

    //key: local_file_name  val: remote_file_name
    QMap<QString,QString> all_files;

    // readManifest() modifies cnf !
    if (readManifest(cnf->script, &all_files))
    {
        QMap<QString, QString>::iterator it;
        for (it=all_files.begin(); it!=all_files.end(); ++it)
        {
            QString local_name = it.key();
            QString remote_name = it.value();

            job_list.push_back(instJob(COPY_FILE, local_name, remote_name));
            inst_dlg->addToLog(QString("Copy file: %1 --> %2\n")
                               .arg(local_name)
                               .arg(remote_name).toAscii().constData());
        }
    } else
    {
        inst_dlg->opError(fw);
        return false;
    }

    if (job_list.size()==0)
    {
        QMessageBox::critical(
            inst_dlg, "Firewall Builder",
            tr("Incorrect manifest format in generated script. "
               "Line with \"*\" is missing, can not find any files "
               "to copy to the firewall.\n%1").arg(cnf->script),
            tr("&Continue"), QString::null,QString::null,
            0, 1 );
        return false;
    }

    if (cnf->copyFWB)
    {
        QString dest_dir = getDestinationDir(cnf->fwdir);
        QFileInfo fwbfile_base(cnf->fwbfile);
        job_list.push_back(instJob(
                               COPY_FILE,
                               fwbfile_base.fileName(),
                               dest_dir));
        inst_dlg->addToLog(QString("Copy data file: %1 --> %2\n")
                           .arg(fwbfile_base.fileName())
                           .arg(dest_dir).toAscii().constData());
    }

    QString cmd = getActivationCmd();

    job_list.push_back(instJob(ACTIVATE_POLICY, cmd, ""));
    inst_dlg->addToLog(QString("Run script %1\n").arg(cmd));
    inst_dlg->addToLog(QString("\n"));
    return true;
}