Home Explore Help
Sign In
Qubes
/
core-admin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Do not generate R3 compat firewall rules if R4 format is supported

R3 format had limitation of ~40 rules per VM. Do not generate compat
rules (possibly hitting that limitation) if new format, free of that
limitation is supported.

Fixes QubesOS/qubes-issues#1570
Fixes QubesOS/qubes-issues#4228
Marek Marczykowski-Górecki 5 years ago
parent
e8dc6cb916
commit
133219f6d3
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      qubes/ext/r3compatibility.py

+ 3 - 0
qubes/ext/r3compatibility.py
View File 

@@ -80,6 +80,9 @@ class R3Compatibility(qubes.ext.Extension):
 
 
     def write_iptables_qubesdb_entry(self, firewallvm):
 
         # pylint: disable=no-self-use
 
+        # skip compatibility rules if new format support is advertised
 
+        if firewallvm.features.check_with_template('qubes-firewall', False):
 
+            return
 
         firewallvm.untrusted_qdb.rm("/qubes-iptables-domainrules/")
 
         iptables = "# Generated by Qubes Core on {0}\n".format(
 
             datetime.datetime.now().ctime())