From 02514b1347706f947b31dcbd7c1ebe8c5594657a Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk <rafal@invisiblethingslab.com>
Date: Mon, 4 Apr 2011 17:07:46 +0200
Subject: [PATCH] If the firewall rules file does not exist, assume ALLOW
 (#188)

So that newly created appvms have net access.
---
 dom0/qvm-core/qubes.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 7726b057..3cb90d67 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1390,13 +1390,16 @@ class QubesProxyVm(QubesNetVm):
         qvm_collection.load()
         qvm_collection.unlock_db()
 
-        vms = [vm for vm in qvm_collection.values() if vm.has_firewall()]
+        vms = [vm for vm in qvm_collection.values()]
         for vm in vms:
             # Process only VMs connected to this ProxyVM
             if not vm.netvm_vm or vm.netvm_vm.qid != self.qid:
                 continue
 
-            conf = vm.get_firewall_conf()
+            if vm.has_firewall():
+                conf = vm.get_firewall_conf()
+            else:
+                conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True }
 
             xid = vm.get_xid()
             if xid < 0: # VM not active ATM