From 03871c1e06b2384442b0e4f359e848d25e380875 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Wed, 28 Nov 2018 10:14:19 -0500
Subject: [PATCH 23/34] firewall-config: support rich rule priorities

(cherry picked from commit e7998960fb285120b3b97e163bb87e25976d22d0)
---
 src/firewall-config.glade | 163 ++++++++++++--------------------------
 src/firewall-config.in    |  33 ++++++--
 2 files changed, 76 insertions(+), 120 deletions(-)

diff --git a/src/firewall-config.glade b/src/firewall-config.glade
index 75c229b408fd..689433c47eca 100644
--- a/src/firewall-config.glade
+++ b/src/firewall-config.glade
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Generated with glade 3.20.2 -->
+<!-- Generated with glade 3.20.0 -->
 <interface>
   <requires lib="gtk+" version="3.6"/>
   <!-- interface-local-resource-path icons -->
@@ -31,9 +31,6 @@
         </child>
       </object>
     </child>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="addressDialog">
     <property name="can_focus">False</property>
@@ -169,9 +166,6 @@
       <action-widget response="-1">addressDialogCancelButton</action-widget>
       <action-widget response="1">addressDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="automaticHelpersDialog">
     <property name="can_focus">False</property>
@@ -292,9 +286,6 @@
       <action-widget response="-1">automaticHelpersDialogCancelButton</action-widget>
       <action-widget response="1">automaticHelpersDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="commandDialog">
     <property name="can_focus">False</property>
@@ -414,9 +405,6 @@
       <action-widget response="-1">commandDialogCancelButton</action-widget>
       <action-widget response="1">commandDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="contextDialog">
     <property name="can_focus">False</property>
@@ -536,9 +524,6 @@
       <action-widget response="-1">contextDialogCancelButton</action-widget>
       <action-widget response="1">contextDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="defaultZoneDialog">
     <property name="width_request">200</property>
@@ -660,9 +645,6 @@
       <action-widget response="-1">portDialogCancelButton1</action-widget>
       <action-widget response="1">defaultZoneDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="directChainDialog">
     <property name="can_focus">False</property>
@@ -862,9 +844,6 @@
       <action-widget response="-1">directChainDialogCancelButton</action-widget>
       <action-widget response="1">directChainDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="directPassthroughDialog">
     <property name="can_focus">False</property>
@@ -1028,9 +1007,6 @@
       <action-widget response="-1">directPassthroughDialogCancelButton</action-widget>
       <action-widget response="1">directPassthroughDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="forwardDialog">
     <property name="width_request">200</property>
@@ -1369,9 +1345,6 @@
       <action-widget response="-1">button15</action-widget>
       <action-widget response="1">forwardDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="helperBaseDialog">
     <property name="can_focus">False</property>
@@ -1715,9 +1688,6 @@
       <action-widget response="-1">helperBaseDialogCancelButton</action-widget>
       <action-widget response="1">helperBaseDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="helperDialog">
     <property name="height_request">300</property>
@@ -1832,9 +1802,6 @@
       <action-widget response="-1">helperDialogCancelButton</action-widget>
       <action-widget response="1">helperDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="icmpBaseDialog">
     <property name="can_focus">False</property>
@@ -2070,9 +2037,6 @@
       <action-widget response="-1">icmpBaseDialogCancelButton</action-widget>
       <action-widget response="1">icmpBaseDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="icmptypeDialog">
     <property name="height_request">300</property>
@@ -2186,9 +2150,6 @@
       <action-widget response="-1">icmptypeDialogCancelButton</action-widget>
       <action-widget response="1">icmptypeDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkImage" id="image1">
     <property name="visible">True</property>
@@ -7852,9 +7813,6 @@
       <action-widget response="-1">interfaceDialogCancelButton</action-widget>
       <action-widget response="1">interfaceDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="ipsetBaseDialog">
     <property name="can_focus">False</property>
@@ -8258,9 +8216,6 @@
       <action-widget response="-1">ipsetBaseDialogCancelButton</action-widget>
       <action-widget response="1">ipsetBaseDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="ipsetDialog">
     <property name="width_request">300</property>
@@ -8375,9 +8330,6 @@
       <action-widget response="-1">ipsetDialogCancelButton</action-widget>
       <action-widget response="1">ipsetDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="ipsetEntryDialog">
     <property name="can_focus">False</property>
@@ -8541,9 +8493,6 @@
       <action-widget response="-1">ipsetEntryDialogCancelButton</action-widget>
       <action-widget response="1">ipsetEntryDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="logDeniedDialog">
     <property name="can_focus">False</property>
@@ -8664,9 +8613,6 @@
       <action-widget response="-1">logDeniedDialogCancelButton</action-widget>
       <action-widget response="1">logDeniedDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkTextBuffer" id="logTextBuffer"/>
   <object class="GtkDialog" id="macDialog">
@@ -8789,9 +8735,6 @@
       <action-widget response="-1">macDialogCancelButton</action-widget>
       <action-widget response="1">macDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="markDialog">
     <property name="can_focus">False</property>
@@ -8969,9 +8912,6 @@
       <action-widget response="-1">markDialogCancelButton</action-widget>
       <action-widget response="1">markDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="moduleDialog">
     <property name="can_focus">False</property>
@@ -9139,9 +9079,6 @@
       <action-widget response="-1">moduleDialogCancelButton</action-widget>
       <action-widget response="1">moduleDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="portDialog">
     <property name="can_focus">False</property>
@@ -9307,9 +9244,6 @@
       <action-widget response="-1">portDialogCancelButton</action-widget>
       <action-widget response="1">portDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkAdjustment" id="priority_adjustment">
     <property name="lower">-99999999</property>
@@ -9563,9 +9497,6 @@
       <action-widget response="-1">directRuleDialogCancelButton</action-widget>
       <action-widget response="1">directRuleDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="protoDialog">
     <property name="can_focus">False</property>
@@ -9744,9 +9675,12 @@
       <action-widget response="-1">protoDialogCancelButton</action-widget>
       <action-widget response="1">protoDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
+  </object>
+  <object class="GtkAdjustment" id="rich_rule_priority_adjustment">
+    <property name="lower">-32768</property>
+    <property name="upper">32767</property>
+    <property name="step_increment">1</property>
+    <property name="page_increment">10</property>
   </object>
   <object class="GtkDialog" id="richRuleDialog">
     <property name="can_focus">False</property>
@@ -9855,7 +9789,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">6</property>
+                    <property name="top_attach">7</property>
                   </packing>
                 </child>
                 <child>
@@ -9868,7 +9802,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">8</property>
+                    <property name="top_attach">9</property>
                   </packing>
                 </child>
                 <child>
@@ -9884,7 +9818,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">10</property>
+                    <property name="top_attach">11</property>
                   </packing>
                 </child>
                 <child>
@@ -9900,7 +9834,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">12</property>
+                    <property name="top_attach">13</property>
                   </packing>
                 </child>
                 <child>
@@ -10024,7 +9958,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">6</property>
+                    <property name="top_attach">7</property>
                   </packing>
                 </child>
                 <child>
@@ -10113,7 +10047,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">8</property>
+                    <property name="top_attach">9</property>
                   </packing>
                 </child>
                 <child>
@@ -10375,7 +10309,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">4</property>
+                    <property name="top_attach">5</property>
                   </packing>
                 </child>
                 <child>
@@ -10541,7 +10475,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">10</property>
+                    <property name="top_attach">11</property>
                   </packing>
                 </child>
                 <child>
@@ -10627,7 +10561,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">12</property>
+                    <property name="top_attach">13</property>
                   </packing>
                 </child>
                 <child>
@@ -10724,7 +10658,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">1</property>
-                    <property name="top_attach">2</property>
+                    <property name="top_attach">3</property>
                   </packing>
                 </child>
                 <child>
@@ -10753,7 +10687,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">2</property>
+                    <property name="top_attach">3</property>
                   </packing>
                 </child>
                 <child>
@@ -10763,7 +10697,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">1</property>
+                    <property name="top_attach">2</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10774,7 +10708,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">3</property>
+                    <property name="top_attach">4</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10785,7 +10719,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">5</property>
+                    <property name="top_attach">6</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10796,7 +10730,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">7</property>
+                    <property name="top_attach">8</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10807,7 +10741,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">9</property>
+                    <property name="top_attach">10</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10818,7 +10752,7 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">11</property>
+                    <property name="top_attach">12</property>
                     <property name="width">2</property>
                   </packing>
                 </child>
@@ -10835,7 +10769,33 @@
                   </object>
                   <packing>
                     <property name="left_attach">0</property>
-                    <property name="top_attach">4</property>
+                    <property name="top_attach">5</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkLabel">
+                    <property name="visible">True</property>
+                    <property name="can_focus">False</property>
+                    <property name="label" translatable="yes">Priority:</property>
+                    <property name="xalign">1</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkSpinButton" id="richRuleDialogPriorityEntry">
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="input_purpose">number</property>
+                    <property name="adjustment">rich_rule_priority_adjustment</property>
+                    <property name="numeric">True</property>
+                    <signal name="value-changed" handler="on_richRuleDialog_changed" swapped="no"/>
+                  </object>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">1</property>
                   </packing>
                 </child>
               </object>
@@ -10858,9 +10818,6 @@
       <action-widget response="-1">richRuleDialogCancelButton</action-widget>
       <action-widget response="1">richRuleDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="serviceBaseDialog">
     <property name="can_focus">False</property>
@@ -11095,9 +11052,6 @@
       <action-widget response="-1">serviceBaseDialogCancelButton</action-widget>
       <action-widget response="1">serviceBaseDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="serviceDialog">
     <property name="height_request">300</property>
@@ -11211,9 +11165,6 @@
       <action-widget response="-1">serviceDialogCancelButton</action-widget>
       <action-widget response="1">serviceDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="sourceDialog">
     <property name="can_focus">False</property>
@@ -11393,9 +11344,6 @@
       <action-widget response="-1">sourceDialogCancelButton</action-widget>
       <action-widget response="1">sourceDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="uidDialog">
     <property name="can_focus">False</property>
@@ -11517,9 +11465,6 @@
       <action-widget response="-1">uidDialogCancelButton</action-widget>
       <action-widget response="1">uidDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkDialog" id="userDialog">
     <property name="can_focus">False</property>
@@ -11640,9 +11585,6 @@
       <action-widget response="-1">userDialogCancelButton</action-widget>
       <action-widget response="1">userDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
   <object class="GtkWindow" id="waitingWindow">
     <property name="can_focus">False</property>
@@ -12033,8 +11975,5 @@
       <action-widget response="-1">zoneBaseDialogCancelButton</action-widget>
       <action-widget response="1">zoneBaseDialogOkButton</action-widget>
     </action-widgets>
-    <child>
-      <placeholder/>
-    </child>
   </object>
 </interface>
diff --git a/src/firewall-config.in b/src/firewall-config.in
index c19541b0ce82..373f431685cc 100755
--- a/src/firewall-config.in
+++ b/src/firewall-config.in
@@ -810,6 +810,7 @@ class FirewallConfig(object):
         self.richRuleView = builder.get_object("richRuleView")
         self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj
                                            GObject.TYPE_STRING, # ipv4/ipv6
+                                           GObject.TYPE_INT,    # priority
                                            GObject.TYPE_STRING, # action
                                            GObject.TYPE_STRING, # element
                                            GObject.TYPE_STRING, # source
@@ -820,18 +821,21 @@ class FirewallConfig(object):
         self.richRuleView.append_column(
             Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=2))
+            Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=3))
+            Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=4))
+            Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=5))
+            Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=6))
+            Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6))
         self.richRuleView.append_column(
-            Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=7))
+            Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7))
+        self.richRuleView.append_column(
+            Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8))
         self.richRuleView.set_model(self.richRuleStore)
+        self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
 
         self.richRuleView.get_selection().connect( \
             "changed", self.change_rich_rule_selection_cb)
@@ -848,6 +852,8 @@ class FirewallConfig(object):
 
         self.richRuleDialogFamilyCombobox = builder.get_object( \
             "richRuleDialogFamilyCombobox")
+        self.richRuleDialogPriorityEntry = builder.get_object( \
+            "richRuleDialogPriorityEntry")
         self.richRuleDialogElementCheck = builder.get_object( \
             "richRuleDialogElementCheck")
         self.richRuleDialogElementBox = builder.get_object( \
@@ -2021,6 +2027,7 @@ class FirewallConfig(object):
 
     def _add_rich_rule(self, obj):
         family = "all"
+        priority = 0
         src = ""
         dest = ""
         elem = ""
@@ -2030,6 +2037,8 @@ class FirewallConfig(object):
 
         if obj.family:
             family = obj.family
+        if obj.priority:
+            priority = obj.priority
         if obj.action:
             if type(obj.action) == rich.Rich_Accept:
                 action = _("accept")
@@ -2096,8 +2105,8 @@ class FirewallConfig(object):
             if audit == "":
                 audit = _("yes")
 
-        self.richRuleStore.append([obj, family, action, elem, src, dest, log,
-                                   audit])
+        self.richRuleStore.append([obj, family, priority, action, elem, src,
+                                   dest, log, audit])
 
     def richrule_added_cb(self, zone, rule, timeout):
         if not self.runtime_view or zone != self.get_selected_zone():
@@ -3085,6 +3094,7 @@ class FirewallConfig(object):
 
     def add_edit_rich_rule(self, add):
         self.richRuleDialogFamilyCombobox.set_active(0)
+        self.richRuleDialogPriorityEntry.set_value(0)
         self.richRuleDialogElementCheck.set_active(False)
         self.richRuleDialogElementCombobox.set_active(0)
         self.richRuleDialogElementChooser.set_text("")
@@ -3143,6 +3153,8 @@ class FirewallConfig(object):
             if old_obj.family in [ "ipv4", "ipv6" ]:
                 combobox_select_text(self.richRuleDialogFamilyCombobox,
                                      old_obj.family, insensitive=True)
+            if old_obj.priority != 0:
+                self.richRuleDialogPriorityEntry.set_value(old_obj.priority)
 
             if old_obj.element:
                 self.richRuleDialogElementCheck.set_active(True)
@@ -3633,6 +3645,11 @@ class FirewallConfig(object):
         else:
             rule = rich.Rich_Rule() # ipv4+ipv6 rule
 
+        # priority
+        priority = self.richRuleDialogPriorityEntry.get_value_as_int()
+        if priority != 0:
+            rule.priority = priority
+
         # element
         if self.richRuleDialogElementCheck.get_active():
             combolabel = self.richRuleDialogElementCombobox.get_active_text()
-- 
2.18.0