Get rid of /sbin/iptables from qubes_core in netvm

Rafal Wojtczuk 2010-06-04 13:28:29 +02:00
parent 4e6e4115e2
commit 7c2c941678
2 changed files with 10 additions and 9 deletions


@ -1,13 +1,15 @@
# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010 # Generated by iptables-save v1.4.5 on Fri Jun 4 07:17:12 2010
*nat *nat
:PREROUTING ACCEPT [2:362] :PREROUTING ACCEPT [8:818]
:POSTROUTING ACCEPT [4:228] :POSTROUTING ACCEPT [1:84]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
-A POSTROUTING -o br+ -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT COMMIT
# Completed on Thu May 20 06:02:32 2010 # Completed on Fri Jun 4 07:17:12 2010
# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010 # Generated by iptables-save v1.4.5 on Fri Jun 4 07:17:12 2010
*filter *filter
:INPUT ACCEPT [3:84] :INPUT ACCEPT [168:4704]
:FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
-A INPUT -i br+ -p udp -m udp --dport 68 -j DROP -A INPUT -i br+ -p udp -m udp --dport 68 -j DROP
@ -17,4 +19,4 @@ COMMIT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP -A FORWARD -j DROP
COMMIT COMMIT
# Completed on Thu May 20 06:02:32 2010 # Completed on Fri Jun 4 07:17:12 2010
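Review bot: The added `-A POSTROUTING -j MASQUERADE` in the nat table carries no source or output-interface match, so every packet that does not leave through a `br+` interface is rewritten, which is broader than the address-scoped rule removed from start() in the other file. `br+` is a name-prefix wildcard, so the NAT exemption silently depends on no uplink interface ever being named `br…`, and the file does not state that assumption. The removed `-d 224.0.0.0/8 -j ACCEPT` exemption has no equivalent here, so multicast leaving a non-bridge interface would presumably now be masqueraded; confirm that is intended. I would add a comment above the two rules, for example `# br+ = bridges towards the VMs (assumed): no NAT on them; all other egress is masqueraded`, and, if the uplink name is fixed, narrow the last rule with `-o <uplink-interface>`.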


@ -35,8 +35,7 @@ start()
#now done by iptables rc script #now done by iptables rc script
# iptables -t nat -A POSTROUTING -s $network/$netmask -j MASQUERADE # iptables -t nat -A POSTROUTING -s $network/$netmask -j MASQUERADE
#no, we cannot put ip-dependent stuff in sysconfig/iptables #no, we cannot put ip-dependent stuff in sysconfig/iptables
iptables -t nat -A POSTROUTING -s $network/$netmask -d 224.0.0.0/8 -j ACCEPT #so make it ip-independent
iptables -t nat -A POSTROUTING -s $network/$netmask \! -d $network/$netmask -j MASQUERADE
success success
echo "" echo ""
return 0 return 0
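Review bot: The comments left in start() no longer tell a reader where NAT is configured: `#so make it ip-independent` follows a commented-out rule and names no file or rule. With the last `iptables` call removed, start() depends entirely on the iptables rc script having loaded sysconfig/iptables before it runs, yet it still reports `success` unconditionally; whether the init ordering guarantees this cannot be seen from the hunk, since start() begins outside it. I would replace the three comment lines and the dead rule with one line such as `# NAT is set up by the iptables rc script from sysconfig/iptables (-o br+ exempt, everything else masqueraded); this script must start after it`, and confirm the service ordering in the script header.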