Update config and add ordering

safing · Apr 21, 2020 · e262ad1 · e262ad1
1 parent f78dd18
commit e262ad1
Show file tree

Hide file tree

Showing 5 changed files with 181 additions and 68 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/firewall/config.go b/firewall/config.go
@@ -8,11 +8,13 @@ import (
 var (
 	CfgOptionEnableFilterKey = "filter/enable"
 
-	CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts"
-	permanentVerdicts             config.BoolOption
+	CfgOptionPromptTimeoutKey   = "filter/promptTimeout"
+	CfgOptionPromptTimeoutOrder = 2
+	promptTimeout               config.IntOption
 
-	CfgOptionPromptTimeoutKey = "filter/promptTimeout"
-	promptTimeout             config.IntOption
+	CfgOptionPermanentVerdictsKey   = "filter/permanentVerdicts"
+	CfgOptionPermanentVerdictsOrder = 128
+	permanentVerdicts               config.BoolOption
 
 	devMode          config.BoolOption
 	apiListenAddress config.StringOption
@@ -23,6 +25,7 @@ func registerConfig() error {
 		Name:           "Permanent Verdicts",
 		Key:            CfgOptionPermanentVerdictsKey,
 		Description:    "With permanent verdicts, control of a connection is fully handed back to the OS after the initial decision. This brings a great performance increase, but makes it impossible to change the decision of a link later on.",
+		Order:          CfgOptionPermanentVerdictsOrder,
 		OptType:        config.OptTypeBool,
 		ExpertiseLevel: config.ExpertiseLevelExpert,
 		ReleaseLevel:   config.ReleaseLevelExperimental,
@@ -37,6 +40,7 @@ func registerConfig() error {
 		Name:           "Timeout for prompt notifications",
 		Key:            CfgOptionPromptTimeoutKey,
 		Description:    "Amount of time how long Portmaster will wait for a response when prompting about a connection via a notification. In seconds.",
+		Order:          CfgOptionPromptTimeoutOrder,
 		OptType:        config.OptTypeInt,
 		ExpertiseLevel: config.ExpertiseLevelUser,
 		ReleaseLevel:   config.ReleaseLevelBeta,

diff --git a/profile/config.go b/profile/config.go
@@ -12,53 +12,75 @@ var (
 	cfgIntOptions         = make(map[string]config.IntOption)
 	cfgBoolOptions        = make(map[string]config.BoolOption)
 
-	CfgOptionDefaultActionKey = "filter/defaultAction"
-	cfgOptionDefaultAction    config.StringOption
+	// Enable Filter Order = 0
 
-	CfgOptionDisableAutoPermitKey = "filter/disableAutoPermit"
-	cfgOptionDisableAutoPermit    config.IntOption // security level option
+	CfgOptionDefaultActionKey   = "filter/defaultAction"
+	cfgOptionDefaultAction      config.StringOption
+	cfgOptionDefaultActionOrder = 1
 
-	CfgOptionEndpointsKey = "filter/endpoints"
-	cfgOptionEndpoints    config.StringArrayOption
+	// Prompt Timeout Order = 2
 
-	CfgOptionServiceEndpointsKey = "filter/serviceEndpoints"
-	cfgOptionServiceEndpoints    config.StringArrayOption
+	CfgOptionBlockScopeInternetKey   = "filter/blockInternet"
+	cfgOptionBlockScopeInternet      config.IntOption // security level option
+	cfgOptionBlockScopeInternetOrder = 16
 
-	CfgOptionFilterListKey = "filter/lists"
-	cfgOptionFilterLists   config.StringArrayOption
+	CfgOptionBlockScopeLANKey   = "filter/blockLAN"
+	cfgOptionBlockScopeLAN      config.IntOption // security level option
+	cfgOptionBlockScopeLANOrder = 17
 
-	CfgOptionFilterSubDomainsKey = "filter/includeSubdomains"
-	cfgOptionFilterSubDomains    config.IntOption // security level option
+	CfgOptionBlockScopeLocalKey   = "filter/blockLocal"
+	cfgOptionBlockScopeLocal      config.IntOption // security level option
+	cfgOptionBlockScopeLocalOrder = 18
 
-	CfgOptionFilterCNAMEKey = "filter/includeCNAMEs"
-	cfgOptionFilterCNAME    config.IntOption // security level option
+	CfgOptionBlockP2PKey   = "filter/blockP2P"
+	cfgOptionBlockP2P      config.IntOption // security level option
+	cfgOptionBlockP2POrder = 19
 
-	CfgOptionBlockScopeLocalKey = "filter/blockLocal"
-	cfgOptionBlockScopeLocal    config.IntOption // security level option
+	CfgOptionBlockInboundKey   = "filter/blockInbound"
+	cfgOptionBlockInbound      config.IntOption // security level option
+	cfgOptionBlockInboundOrder = 20
 
-	CfgOptionBlockScopeLANKey = "filter/blockLAN"
-	cfgOptionBlockScopeLAN    config.IntOption // security level option
+	CfgOptionEndpointsKey   = "filter/endpoints"
+	cfgOptionEndpoints      config.StringArrayOption
+	cfgOptionEndpointsOrder = 32
 
-	CfgOptionBlockScopeInternetKey = "filter/blockInternet"
-	cfgOptionBlockScopeInternet    config.IntOption // security level option
+	CfgOptionServiceEndpointsKey   = "filter/serviceEndpoints"
+	cfgOptionServiceEndpoints      config.StringArrayOption
+	cfgOptionServiceEndpointsOrder = 33
 
-	CfgOptionBlockP2PKey = "filter/blockP2P"
-	cfgOptionBlockP2P    config.IntOption // security level option
+	CfgOptionPreventBypassingKey   = "filter/preventBypassing"
+	cfgOptionPreventBypassing      config.IntOption // security level option
+	cfgOptionPreventBypassingOrder = 48
 
-	CfgOptionBlockInboundKey = "filter/blockInbound"
-	cfgOptionBlockInbound    config.IntOption // security level option
+	CfgOptionFilterListsKey   = "filter/lists"
+	cfgOptionFilterLists      config.StringArrayOption
+	cfgOptionFilterListsOrder = 64
 
-	CfgOptionEnforceSPNKey = "filter/enforceSPN"
-	cfgOptionEnforceSPN    config.IntOption // security level option
+	CfgOptionFilterSubDomainsKey   = "filter/includeSubdomains"
+	cfgOptionFilterSubDomains      config.IntOption // security level option
+	cfgOptionFilterSubDomainsOrder = 65
 
-	CfgOptionRemoveOutOfScopeDNSKey = "filter/removeOutOfScopeDNS"
-	cfgOptionRemoveOutOfScopeDNS    config.IntOption // security level option
+	CfgOptionFilterCNAMEKey   = "filter/includeCNAMEs"
+	cfgOptionFilterCNAME      config.IntOption // security level option
+	cfgOptionFilterCNAMEOrder = 66
 
-	CfgOptionRemoveBlockedDNSKey = "filter/removeBlockedDNS"
-	cfgOptionRemoveBlockedDNS    config.IntOption // security level option
+	CfgOptionDisableAutoPermitKey   = "filter/disableAutoPermit"
+	cfgOptionDisableAutoPermit      config.IntOption // security level option
+	cfgOptionDisableAutoPermitOrder = 80
 
-	CfgOptionPreventBypassingKey = "filter/preventBypassing"
-	cfgOptionPreventBypassing    config.IntOption // security level option
+	CfgOptionEnforceSPNKey   = "filter/enforceSPN"
+	cfgOptionEnforceSPN      config.IntOption // security level option
+	cfgOptionEnforceSPNOrder = 96
+
+	CfgOptionRemoveOutOfScopeDNSKey   = "filter/removeOutOfScopeDNS"
+	cfgOptionRemoveOutOfScopeDNS      config.IntOption // security level option
+	cfgOptionRemoveOutOfScopeDNSOrder = 112
+
+	CfgOptionRemoveBlockedDNSKey   = "filter/removeBlockedDNS"
+	cfgOptionRemoveBlockedDNS      config.IntOption // security level option
+	cfgOptionRemoveBlockedDNSOrder = 113
+
+	// Permanent Verdicts Order = 128
 )
 
 func registerConfiguration() error {
@@ -70,6 +92,7 @@ func registerConfiguration() error {
 		Name:            "Default Filter Action",
 		Key:             CfgOptionDefaultActionKey,
 		Description:     `The default filter action when nothing else permits or blocks a connection.`,
+		Order:           cfgOptionDefaultActionOrder,
 		OptType:         config.OptTypeString,
 		DefaultValue:    "permit",
 		ExternalOptType: "string list",
@@ -86,6 +109,7 @@ func registerConfiguration() error {
 		Name:            "Disable Auto Permit",
 		Key:             CfgOptionDisableAutoPermitKey,
 		Description:     "Auto Permit searches for a relation between an app and the destionation of a connection - if there is a correlation, the connection will be permitted. This setting is negated in order to provide a streamlined user experience, where higher settings are better.",
+		Order:           cfgOptionDisableAutoPermitOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelsAll,
@@ -121,6 +145,7 @@ Examples:
 	+ .example.com */HTTP
 	- .example.com
 	+ 192.168.0.1/24`,
+		Order:           cfgOptionEndpointsOrder,
 		OptType:         config.OptTypeStringArray,
 		DefaultValue:    []string{},
 		ExternalOptType: "endpoint list",
@@ -156,6 +181,7 @@ Examples:
 	+ .example.com */HTTP
 	- .example.com
 	+ 192.168.0.1/24`,
+		Order:           cfgOptionServiceEndpointsOrder,
 		OptType:         config.OptTypeStringArray,
 		DefaultValue:    []string{},
 		ExternalOptType: "endpoint list",
@@ -170,8 +196,9 @@ Examples:
 	// Filter list IDs
 	err = config.Register(&config.Option{
 		Name:            "Filter List",
-		Key:             CfgOptionFilterListKey,
+		Key:             CfgOptionFilterListsKey,
 		Description:     "Filter connections by matching the endpoint against configured filterlists",
+		Order:           cfgOptionFilterListsOrder,
 		OptType:         config.OptTypeStringArray,
 		DefaultValue:    []string{"TRAC", "MAL"},
 		ExternalOptType: "filter list",
@@ -180,14 +207,15 @@ Examples:
 	if err != nil {
 		return err
 	}
-	cfgOptionFilterLists = config.Concurrent.GetAsStringArray(CfgOptionFilterListKey, []string{})
-	cfgStringArrayOptions[CfgOptionFilterListKey] = cfgOptionFilterLists
+	cfgOptionFilterLists = config.Concurrent.GetAsStringArray(CfgOptionFilterListsKey, []string{})
+	cfgStringArrayOptions[CfgOptionFilterListsKey] = cfgOptionFilterLists
 
 	// Include CNAMEs
 	err = config.Register(&config.Option{
 		Name:            "Filter CNAMEs",
 		Key:             CfgOptionFilterCNAMEKey,
 		Description:     "Also filter requests where a CNAME would be blocked",
+		Order:           cfgOptionFilterCNAMEOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelsAll,
@@ -205,6 +233,7 @@ Examples:
 		Name:            "Filter SubDomains",
 		Key:             CfgOptionFilterSubDomainsKey,
 		Description:     "Also filter sub-domains if a parent domain is blocked by a filter list",
+		Order:           cfgOptionFilterSubDomainsOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelOff,
@@ -221,6 +250,7 @@ Examples:
 		Name:            "Block Scope Local",
 		Key:             CfgOptionBlockScopeLocalKey,
 		Description:     "Block connections to your own device, ie. localhost.",
+		Order:           cfgOptionBlockScopeLocalOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelOff,
@@ -237,6 +267,7 @@ Examples:
 		Name:            "Block Scope LAN",
 		Key:             CfgOptionBlockScopeLANKey,
 		Description:     "Block connections to the Local Area Network.",
+		Order:           cfgOptionBlockScopeLANOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelOff,
@@ -253,6 +284,7 @@ Examples:
 		Name:            "Block Scope Internet",
 		Key:             CfgOptionBlockScopeInternetKey,
 		Description:     "Block connections to the Internet.",
+		Order:           cfgOptionBlockScopeInternetOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelOff,
@@ -269,6 +301,7 @@ Examples:
 		Name:            "Block Peer to Peer Connections",
 		Key:             CfgOptionBlockP2PKey,
 		Description:     "Block peer to peer connections. These are connections that are established directly to an IP address on the Internet without resolving a domain name via DNS first.",
+		Order:           cfgOptionBlockP2POrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelsAll,
@@ -285,6 +318,7 @@ Examples:
 		Name:            "Block Inbound Connections",
 		Key:             CfgOptionBlockInboundKey,
 		Description:     "Block inbound connections to your device. This will usually only be the case if you are running a network service or are using peer to peer software.",
+		Order:           cfgOptionBlockInboundOrder,
 		OptType:         config.OptTypeInt,
 		ExternalOptType: "security level",
 		DefaultValue:    status.SecurityLevelsHighAndExtreme,
@@ -301,6 +335,7 @@ Examples:
 		Name:            "Enforce SPN",
 		Key:             CfgOptionEnforceSPNKey,
 		Description:     "This setting enforces connections to be routed over the SPN. If this is not possible for any reason, connections will be blocked.",
+		Order:           cfgOptionEnforceSPNOrder,
 		OptType:         config.OptTypeInt,
 		ReleaseLevel:    config.ReleaseLevelExperimental,
 		ExternalOptType: "security level",
@@ -318,6 +353,7 @@ Examples:
 		Name:            "Filter Out-of-Scope DNS Records",
 		Key:             CfgOptionRemoveOutOfScopeDNSKey,
 		Description:     "Filter DNS answers that are outside of the scope of the server. A server on the public Internet may not respond with a private LAN address.",
+		Order:           cfgOptionRemoveOutOfScopeDNSOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelBeta,
@@ -336,6 +372,7 @@ Examples:
 		Name:            "Filter DNS Records that would be blocked",
 		Key:             CfgOptionRemoveBlockedDNSKey,
 		Description:     "Pre-filter DNS answers that an application would not be allowed to connect to.",
+		Order:           cfgOptionRemoveBlockedDNSOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelBeta,
@@ -353,6 +390,7 @@ Examples:
 		Name:            "Prevent Bypassing",
 		Key:             CfgOptionPreventBypassingKey,
 		Description:     "Prevent apps from bypassing the privacy filter: Firefox by disabling DNS-over-HTTPs",
+		Order:           cfgOptionPreventBypassingOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelUser,
 		ReleaseLevel:    config.ReleaseLevelBeta,

diff --git a/profile/profile.go b/profile/profile.go
@@ -143,7 +143,7 @@ func (profile *Profile) parseConfig() error {
 		}
 	}
 
-	list, ok = profile.configPerspective.GetAsStringArray(CfgOptionFilterListKey)
+	list, ok = profile.configPerspective.GetAsStringArray(CfgOptionFilterListsKey)
 	if ok {
 		profile.filterListIDs, err = filterlists.ResolveListIDs(list)
 		if err != nil {