From 7c2c9416782aece7c94bfdce9a2bd6d64e96c995 Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk
Date: Fri, 4 Jun 2010 13:28:29 +0200
Subject: [PATCH] Get rid of /sbin/iptables from qubes_core in netvm
---
 netvm/iptables | 16 +++++++++-------
 netvm/qubes_core | 3 +--
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/netvm/iptables b/netvm/iptables
index bbe68df6..3d01ee2f 100644
--- a/netvm/iptables
+++ b/netvm/iptables
@@ -1,13 +1,15 @@
-# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
+# Generated by iptables-save v1.4.5 on Fri Jun 4 07:17:12 2010
 *nat
-:PREROUTING ACCEPT [2:362]
-:POSTROUTING ACCEPT [4:228]
+:PREROUTING ACCEPT [8:818]
+:POSTROUTING ACCEPT [1:84]
 :OUTPUT ACCEPT [0:0]
+-A POSTROUTING -o br+ -j ACCEPT
+-A POSTROUTING -j MASQUERADE
 COMMIT
-# Completed on Thu May 20 06:02:32 2010
-# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
+# Completed on Fri Jun 4 07:17:12 2010
+# Generated by iptables-save v1.4.5 on Fri Jun 4 07:17:12 2010
 *filter
-:INPUT ACCEPT [3:84]
+:INPUT ACCEPT [168:4704]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -i br+ -p udp -m udp --dport 68 -j DROP
@@ -17,4 +19,4 @@ COMMIT
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -j DROP
 COMMIT
-# Completed on Thu May 20 06:02:32 2010
+# Completed on Fri Jun 4 07:17:12 2010
diff --git a/netvm/qubes_core b/netvm/qubes_core
index eade0eaf..d63fbe2a 100755
--- a/netvm/qubes_core
+++ b/netvm/qubes_core
@@ -35,8 +35,7 @@ start()
 #now done by iptables rc script
 # iptables -t nat -A POSTROUTING -s $network/$netmask -j MASQUERADE
 #no, we cannot put ip-dependent stuff in sysconfig/iptables
- iptables -t nat -A POSTROUTING -s $network/$netmask -d 224.0.0.0/8 -j ACCEPT
- iptables -t nat -A POSTROUTING -s $network/$netmask \! -d $network/$netmask -j MASQUERADE
+#so make it ip-independent
 success
 echo ""
 return 0
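Review bot: The added `-A POSTROUTING -j MASQUERADE` in the `*nat` section of netvm/iptables carries no source, destination or interface match, so every flow that does not leave through a `br+` interface gets rewritten, presumably including traffic the netvm originates itself. The rules this commit removes from qubes_core were at least scoped with `-s $network/$netmask`, so the NAT scope widens here and the reason is not recorded in the file. If the uplink interface name is stable, scope the rule to it (`-A POSTROUTING -o <uplink-if> -j MASQUERADE`). Otherwise add a comment line above the pair, such as `# br+ exemption must stay before the catch-all MASQUERADE; scope is interface-based because addresses are not known at build time`. The chain counters (`[8:818]`, `[168:4704]`) are run-time state from iptables-save and could be committed as `[0:0]` to keep later diffs of this ruleset reviewable.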
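Review bot: The added comment `#so make it ip-independent` in start() sits at column 0 while the removed lines around it were indented, and it leaves a three-line comment trail that still shows a commented-out `iptables -t nat ... -j MASQUERADE` command which no longer reflects what is loaded. A single indented comment would be clearer, for example `# NAT rules are loaded by the iptables rc script from netvm/iptables and are interface-based, not IP-based`. start() begins and continues outside this hunk, so it is worth checking there whether `$network` and `$netmask` are still used after this removal.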