2 years ago · 787cb1170b
--- a/qubes/firewall.py
+++ b/qubes/firewall.py
@@ -689,15 +689,12 @@ class Firewall:
 
															             entries['{:04}'.format(ruleno)] = rule.rule
														
 
															         return entries
														
 
															-    def qdb_forward_entries(self, addr_family=None):
														
 
															+    def qdb_forward_entries(self, addr_family=None, type):
														
 
															         ''' In order to keep all the 'parsing' logic here and not in net.py,
														
 
															         directly separate forwarding rules from standard rules since they need
														
 
															         to be handled differently later.
														
 
															         '''
														
 
															-        entries = {
														
 
															-            "internal": [],
														
 
															-            "external": []
														
 
															-        }
														
 
															+        entries = {}
														
 
															         if addr_family is not None:
														
 
															             exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6'
														
 
															         for ruleno, rule in zip(itertools.count(), self.rules):
														
@@ -709,10 +706,6 @@ class Firewall:
 
															             # include only forwarding rules
														
 
															             if rule.action != "forward":
														
 
															                 continue
														
 
															-            if rule.forwardtype == "internal":
														
 
															-                entries["internal"]['{:04}'.format(ruleno)] = rule.rule
														
 
															-            elif rule.forwardype == "external":
														
 
															-                entries["external"]['{:04}'.format(ruleno)] = rule.rule
														
 
															-            else:
														
 
															-                raise ValueError('invalid forwardtype for rule')
														
 
															+            if rule.forwardtype == type:
														
 
															+                entries['{:04}'.format(ruleno)] = rule.rule
														
 
															         return entries            
														
--- a/qubes/vm/mix/net.py
+++ b/qubes/vm/mix/net.py
@@ -398,7 +398,12 @@ class NetVMMixin(qubes.events.Emitter):
 
															             self.untrusted_qdb.rm(base_dir)
														
 
															             # write new forward rules
														
 
															             for key, value in vm.firewall.qdb_forward_entries(
														
 
															-                    addr_family=addr_family).items():
														
 
															+                    addr_family=addr_family, "internal").items():
														
 
															+                        # code here
														
 
															+            # signal its done
														
 
															+            for key, value in vm.firewall.qdb_forward_entries(
														
 
															+                    addr_family=addr_family, "external").items():
														
 
															+                    # to fix
														
 
															                     for netvm in netpath:
														
 
															                         self.untrusted_qdb.write(base_dir + key, value)
														
 
															             # signal its done