Merge pull request #281 from safing/fix/allow-block-naming

Unify allow/block naming in messages
Daniel 2021-03-30 14:26:36 +02:00 committed by GitHub
commit a305c4e81c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 15 deletions


@ -92,7 +92,7 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
// Run all deciders and return if they came to a conclusion.
done, _ := runDeciders(ctx, dnsFromSystemResolverDeciders, conn, pkt)
if !done {
conn.Accept("permitting system resolver dns request", noReasonOptionKey)
conn.Accept("allowing system resolver dns request", noReasonOptionKey)
}
return
}
@ -106,11 +106,11 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
// Deciders did not conclude, use default action.
switch defaultAction {
case profile.DefaultActionPermit:
conn.Accept("default permit", profile.CfgOptionDefaultActionKey)
conn.Accept("allowed by default action", profile.CfgOptionDefaultActionKey)
case profile.DefaultActionAsk:
prompt(ctx, conn, pkt)
default:
conn.Deny("default block", profile.CfgOptionDefaultActionKey)
conn.Deny("blocked by default action", profile.CfgOptionDefaultActionKey)
}
}
@ -489,7 +489,7 @@ matchLoop:
}
if related {
reason = fmt.Sprintf("auto permitted: domain is related to process: %s is related to %s", domainElement, processElement)
reason = fmt.Sprintf("auto allowed: domain is related to process: %s is related to %s", domainElement, processElement)
}
return related, reason
}
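Review bot: The verdict reasons passed to `conn.Accept` and `conn.Deny` in these hunks are free-form string literals, and the literal `"allowed via prompt"` is repeated in both prompt hunks of the next file, so a wording change like this one has to be made by hand at every call site. If these reasons are stored with the connection or written to logs (not visible here, but the option-key argument suggests they are surfaced somewhere), anything that matches on the old text, such as tests, UI filters or saved log searches, will stop matching without an error. Defining each reason once as a named constant, for example `const reasonAllowedByDefault = "allowed by default action"`, would keep the firewall's verdict wording in one place. `DecideOnConnection` and the function around `matchLoop` start and end outside the hunks shown.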


@ -66,7 +66,7 @@ func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
case promptResponse := <-n.Response():
switch promptResponse {
case allowDomainAll, allowDomainDistinct, allowIP, allowServingIP:
conn.Accept("permitted via prompt", profile.CfgOptionEndpointsKey)
conn.Accept("allowed via prompt", profile.CfgOptionEndpointsKey)
default: // deny
conn.Deny("blocked via prompt", profile.CfgOptionEndpointsKey)
}
@ -152,7 +152,7 @@ func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Pack
if action != "" {
switch action {
case allowDomainAll, allowDomainDistinct, allowIP, allowServingIP:
conn.Accept("permitted via prompt", profile.CfgOptionEndpointsKey)
conn.Accept("allowed via prompt", profile.CfgOptionEndpointsKey)
default: // deny
conn.Deny("blocked via prompt", profile.CfgOptionEndpointsKey)
}


@ -105,13 +105,13 @@ var (
func registerConfiguration() error {
// Default Filter Action
// permit - blocklist mode: everything is permitted unless blocked
// permit - blocklist mode: everything is allowed unless blocked
// ask - ask mode: if not verdict is found, the user is consulted
// block - allowlist mode: everything is blocked unless permitted
// block - allowlist mode: everything is blocked unless explicitly allowed
err := config.Register(&config.Option{
Name: "Default Action",
Key: CfgOptionDefaultActionKey,
Description: `The default action when nothing else permits or blocks an outgoing connection. Incoming connections are always blocked by default.`,
Description: `The default action when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
OptType: config.OptTypeString,
DefaultValue: "permit",
Annotations: config.Annotations{
@ -121,9 +121,9 @@ func registerConfiguration() error {
},
PossibleValues: []config.PossibleValue{
{
Name: "Permit",
Name: "Allow",
Value: "permit",
Description: "Permit all connections",
Description: "Allow all connections",
},
{
Name: "Block",
@ -146,9 +146,9 @@ func registerConfiguration() error {
// Disable Auto Permit
err = config.Register(&config.Option{
// TODO: Check how to best handle negation here.
Name: "Disable Auto Permit",
Name: "Disable Auto Allow",
Key: CfgOptionDisableAutoPermitKey,
Description: `Auto Permit searches for a relation between an app and the destination of a connection - if there is a correlation, the connection will be permitted.`,
Description: `Auto Allow searches for a relation between an app and the destination of a connection - if there is a correlation, the connection will be allowed.`,
OptType: config.OptTypeInt,
ReleaseLevel: config.ReleaseLevelBeta,
DefaultValue: status.SecurityLevelsAll,
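Review bot: The first possible value is now displayed as `Allow` while its stored `Value` and the option's `DefaultValue` remain `"permit"`, and nothing in the hunk says that the mismatch is deliberate. If the value is kept for compatibility with saved settings, a short comment above the entry, such as `// Display name is "Allow"; the stored value stays "permit" for existing settings.`, would stop a later cleanup from renaming the value and changing which default action existing configurations select. The section comment `// Disable Auto Permit` above the second `config.Register` call still uses the old term and could read `// Disable Auto Allow (key remains CfgOptionDisableAutoPermitKey)`. `registerConfiguration` continues outside the hunks.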


@ -23,7 +23,7 @@ type reason struct {
func (r *reason) String() string {
prefix := "denied by rule: "
if r.Permitted {
prefix = "permitted by rule: "
prefix = "allowed by rule: "
}
return prefix + r.description + " " + r.Value
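Review bot: The initial value `prefix := "denied by rule: "` keeps the old wording while the branch below it now reads `allowed by rule: `, so rule reasons say allow/deny whereas the other messages in this commit say allow/block (`blocked via prompt`, `blocked by default action`). If the intent is one vocabulary everywhere, change it to `prefix := "blocked by rule: "`. If `denied` is kept on purpose, for instance because the resulting verdict is not always a block, a one-line comment saying so would help. The closing brace of `String` is outside the hunk.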


@ -320,7 +320,7 @@ func resolveAndCache(ctx context.Context, q *Query, oldCache *RRCache) (rrCache
// we are offline and this is not an online check query
return oldCache, ErrOffline
}
log.Tracer(ctx).Debugf("resolver: permitting online status test domain %s to resolve even though offline", q.FQDN)
log.Tracer(ctx).Debugf("resolver: allowing online status test domain %s to resolve even though offline", q.FQDN)
}
// start resolving