|
@@ -366,7 +366,7 @@ class NetVMMixin(qubes.events.Emitter):
|
|
|
if self.netvm is None:
|
|
|
return
|
|
|
|
|
|
- '''Recursively resolve netvm until tone has no netvm set'''
|
|
|
+ '''Recursively resolve netvm until no netvm is set, order is important'''
|
|
|
netpath = list()
|
|
|
netvm = self.netvm
|
|
|
while netvm:
|
|
@@ -390,10 +390,17 @@ class NetVMMixin(qubes.events.Emitter):
|
|
|
# remove old entries if any (but don't touch base empty entry - it
|
|
|
# would trigger reload right away
|
|
|
self.untrusted_qdb.rm(base_dir)
|
|
|
- # write new rules
|
|
|
+ # write new accept/drop rules
|
|
|
for key, value in vm.firewall.qdb_entries(
|
|
|
addr_family=addr_family).items():
|
|
|
self.untrusted_qdb.write(base_dir + key, value)
|
|
|
+ base_dir = '/qubes-firewall-forward/{}/'.format(ip)
|
|
|
+ self.untrusted_qdb.rm(base_dir)
|
|
|
+ # write new forward rules
|
|
|
+ for key, value in vm.firewall.qdb_forward_entries(
|
|
|
+ addr_family=addr_family).items():
|
|
|
+ for netvm in netpath:
|
|
|
+ self.untrusted_qdb.write(base_dir + key, value)
|
|
|
# signal its done
|
|
|
self.untrusted_qdb.write(base_dir[:-1], '')
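Review bot: Reassigning `base_dir` to the forward path means the final `self.untrusted_qdb.write(base_dir[:-1], '')` now marks only the forward tree as done, so the accept/drop tree written just above never gets its base entry. The context comment says that base entry is what triggers the reload, so updated accept/drop rules may never be applied on the other side. Keep the two paths in separate names, e.g. `forward_dir = '/qubes-firewall-forward/{}/'.format(ip)`, use it for the new `rm` and `write` calls, and leave the last write on the original `base_dir`, adding a second marker on `forward_dir[:-1]` only if the forward tree needs one. The inner `for netvm in netpath:` loop never uses `netvm`, so as rendered it repeats the same write to `self.untrusted_qdb` once per hop. Whether `netpath` from the first hunk is in scope here cannot be confirmed, because the enclosing function starts outside the hunk.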
|
|
|
|