Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dom0: set firewall to block-all when setting netvm to none (#370)

Browse Source
This commit is contained in:
Marek Marczykowski 2011-11-01 15:50:03 +01:00
parent 870dea1502
commit 47ad186926
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
dom0/qvm-core/qubes.py
View File

@ -397,6 +397,23 @@ class QubesVm(object):
raise QubesException ("Change 'updateable' flag is not supported. Please use qvm-create.") raise QubesException ("Change 'updateable' flag is not supported. Please use qvm-create.")
def set_netvm_vm(self, netvm_vm):
if self.netvm_vm is not None:
self.netvm_vm.connected_vms.pop(self.qid)
if netvm_vm is None:
# Set also firewall to block all traffic as discussed in #370
if os.path.exists(self.firewall_conf):
shutil.copy(self.firewall_conf, "%s/backup/%s-firewall-%s.xml"
% (qubes_base_dir, self.name, time.strftime('%Y-%m-%d-%H:%M:%S')))
self.write_firewall_conf({'allow': False, 'allowDns': False,
'allowIcmp': False, 'rules': []})
else:
netvm_vm.connected_vms[self.qid]=self
self.netvm_vm = netvm_vm
def is_template(self): def is_template(self):
return isinstance(self, QubesTemplateVm) return isinstance(self, QubesTemplateVm)

2
dom0/qvm-tools/qvm-prefs
View File

@ -126,7 +126,7 @@ def set_netvm(vms, vm, args):
exit (1) exit (1)
vm.uses_default_netvm = False vm.uses_default_netvm = False
vm.netvm_vm = netvm_vm vm.set_netvm_vm(netvm_vm)
if not vm.is_running(): if not vm.is_running():
return return
# this can fail if VM was not connected to any NetVM # this can fail if VM was not connected to any NetVM