Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In dom0, block dhcp replies from vms.

Browse Source 
Relevant only if using dom0 as netvm. It is already done in "real" netvm.
This commit is contained in:
Rafal Wojtczuk 2010-06-25 12:05:39 -04:00
parent 149dd96bd3
commit 42ce721063
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dom0/init.d/iptables
View File

@ -12,6 +12,8 @@ COMMIT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i br+ -p udp -m udp --dport 68 -j DROP
-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT