dom0: set firewall to block-all when setting netvm to none (#370)

2011-11-01 15:50:03 +01:00 · 2011-11-01 15:50:03 +01:00 · 47ad186926
commit 47ad186926
parent 870dea1502
2 changed files with 18 additions and 1 deletions
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@ -397,6 +397,23 @@ class QubesVm(object):

        raise QubesException ("Change 'updateable' flag is not supported. Please use qvm-create.")

+
+    def set_netvm_vm(self, netvm_vm):
+        if self.netvm_vm is not None:
+            self.netvm_vm.connected_vms.pop(self.qid)
+
+        if netvm_vm is None:
+            # Set also firewall to block all traffic as discussed in #370
+            if os.path.exists(self.firewall_conf):
+                shutil.copy(self.firewall_conf, "%s/backup/%s-firewall-%s.xml"
+                        % (qubes_base_dir, self.name, time.strftime('%Y-%m-%d-%H:%M:%S')))
+            self.write_firewall_conf({'allow': False, 'allowDns': False,
+                    'allowIcmp': False, 'rules': []})
+        else:
+            netvm_vm.connected_vms[self.qid]=self
+
+        self.netvm_vm = netvm_vm
+
    def is_template(self):
        return isinstance(self, QubesTemplateVm)

--- a/dom0/qvm-tools/qvm-prefs
+++ b/dom0/qvm-tools/qvm-prefs
@ -126,7 +126,7 @@ def set_netvm(vms, vm, args):
            exit (1)
        vm.uses_default_netvm = False

-    vm.netvm_vm = netvm_vm
+    vm.set_netvm_vm(netvm_vm)
    if not vm.is_running():
        return
    # this can fail if VM was not connected to any NetVM