From 04a6b01b1b8992acd4712d697b80dba6b37d66bf Mon Sep 17 00:00:00 2001
From: Tomasz Sterna
Date: Sun, 27 Mar 2011 17:23:58 +0200
Subject: [PATCH] Do not allow NEW connection to VM through ProxyVM. #136
---
 dom0/qvm-core/qubes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index ee5d6463..c3462358 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1333,7 +1333,7 @@ class QubesProxyVm(QubesNetVm):
 iptables += "-A FORWARD -i vif{0}.0 -j {1}\n".format(xid, default_action)
 iptables += "#End of VM rules\n"
- iptables += "-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n"
+ iptables += "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
 iptables += "-A FORWARD -j DROP\n"
 iptables += "COMMIT"
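Review bot: The narrowed catch-all rule `--state RELATED,ESTABLISHED` carries no comment saying that NEW is left out on purpose, so a later edit could restore it without noticing that this re-opens unsolicited connections toward VMs behind the ProxyVM; add above it `# NEW is deliberately omitted: only the per-VM rules above may open connections; everything else falls through to DROP`. RELATED is still accepted, and if connection-tracking helpers are loaded in the ProxyVM (not visible here) that state can admit flows a VM did not open itself, so it is worth confirming that this is intended. The enclosing method starts and ends outside the hunk.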