Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not generate R3 compat firewall rules if R4 format is supported

Browse Source 
R3 format had limitation of ~40 rules per VM. Do not generate compat
rules (possibly hitting that limitation) if new format, free of that
limitation is supported.

Fixes QubesOS/qubes-issues#1570
Fixes QubesOS/qubes-issues#4228
This commit is contained in:
Marek Marczykowski-Górecki 2018-10-15 06:05:05 +02:00
parent e8dc6cb916
commit 133219f6d3
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qubes/ext/r3compatibility.py
View File

@ -80,6 +80,9 @@ class R3Compatibility(qubes.ext.Extension):
def write_iptables_qubesdb_entry(self, firewallvm): def write_iptables_qubesdb_entry(self, firewallvm):
# pylint: disable=no-self-use # pylint: disable=no-self-use
# skip compatibility rules if new format support is advertised
if firewallvm.features.check_with_template('qubes-firewall', False):
return
firewallvm.untrusted_qdb.rm("/qubes-iptables-domainrules/") firewallvm.untrusted_qdb.rm("/qubes-iptables-domainrules/")
iptables = "# Generated by Qubes Core on {0}\n".format( iptables = "# Generated by Qubes Core on {0}\n".format(
datetime.datetime.now().ctime()) datetime.datetime.now().ctime())