dom0/core: fix handling ProxyVM netvm set to None

dom0/qvm-core/qubes.py

@@ -2059,6 +2059,7 @@ class QubesProxyVm(QubesNetVm):
         if dry_run:
             return
         retcode = super(QubesProxyVm, self).start(**kwargs)
+        if self.netvm is not None:
             self.netvm.add_external_ip_permission(self.get_xid())
         self.write_netvm_domid_entry()
         return retcode
@@ -2066,6 +2067,7 @@ class QubesProxyVm(QubesNetVm):
     def force_shutdown(self, **kwargs):
         if dry_run:
             return
+        if self.netvm is not None:
             self.netvm.remove_external_ip_permission(kwargs['xid'] if 'xid' in kwargs else self.get_xid())
         super(QubesProxyVm, self).force_shutdown(**kwargs)
 
@@ -2158,7 +2160,7 @@ class QubesProxyVm(QubesNetVm):
 
                 iptables += " -j {0}\n".format(rules_action)
 
-            if conf["allowDns"]:
+            if conf["allowDns"] and self.netvm is not None:
                 # PREROUTING does DNAT to NetVM DNSes, so we need self.netvm. properties
                 iptables += "-A FORWARD -s {0} -p udp -d {1} --dport 53 -j ACCEPT\n".format(ip,self.netvm.gateway)
                 iptables += "-A FORWARD -s {0} -p udp -d {1} --dport 53 -j ACCEPT\n".format(ip,self.netvm.secondary_dns)
@@ -2936,6 +2938,9 @@ class QubesVmCollection(dict):
         else:
             vm.uses_default_netvm = True if kwargs["uses_default_netvm"] == "True" else False
         if vm.uses_default_netvm is True:
+            if vm.is_proxyvm():
+                netvm = self.get_default_fw_netvm()
+            else:
                 netvm = self.get_default_netvm()
             kwargs.pop("netvm_qid")
         else: