Fixed bug with prompt rule / saved rule mismatch on SOCKS connects

sgfw/policy.go

@@ -212,6 +212,7 @@ func (fw *Firewall) policyForPathAndSandbox(path string, sandbox string) *Policy
 			p.icon = entry.icon
 		}
 		fw.policyMap[policykey] = p
+		log.Infof("Creating new policy for path and sandbox: %s\n",policykey)
 		fw.policies = append(fw.policies, p)
 	}
 	return fw.policyMap[policykey]
@@ -322,7 +323,6 @@ func (p *Policy) processNewRule(r *Rule, scope FilterScope) bool {
 	if scope != APPLY_ONCE {
 		p.rules = append(p.rules, r)
 	}
-	log.Noticef("processNewRule: ",r)
 	p.filterPending(r)
 	if len(p.pendingQueue) == 0 {
 		p.promptInProgress = false

sgfw/prompt.go

@@ -2,6 +2,7 @@ package sgfw
 
 import (
 	"fmt"
+	"net"
 	"os/user"
 	"strconv"
 	"strings"
@@ -43,6 +44,7 @@ func (p *prompter) prompt(policy *Policy) {
 		return
 	}
 	p.policyMap[policy.sandbox + "|" + policy.path] = policy
+	fmt.Println("Saving policy key:"+policy.sandbox + "|" + policy.path)
 	p.policyQueue = append(p.policyQueue, policy)
 	p.cond.Signal()
 }
@@ -191,7 +193,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
 	
 	tempRule := fmt.Sprintf("%s|%s",toks[0],toks[1])
 
-	if pc.src() != nil {
+	if (pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != "") {
 
 		//if !strings.HasSuffix(rule, "SYSTEM") && !strings.HasSuffix(rule, "||") {
 			//rule += "||"
@@ -226,7 +228,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
 		r.mode = RULE_MODE_PERMANENT
 		policy.fw.saveRules()
 	}
-	log.Warningf("Creating rule: %v", rule)
+	log.Warningf("Prompt returning rule: %v", rule)
 	dbusp.alertRule("sgfw prompt added new rule")
 }
 

sgfw/rules.go

@@ -228,7 +228,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
 				*/
 			} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
 				result = FILTER_ALLOW_TLSONLY
-					return result
+				return result
 				}
 		} else {
 			log.Notice("+ MATCH FAILED")