From 99ea8dddbe27532a25c80acd0cdad3b1f71174cb Mon Sep 17 00:00:00 2001
From: Giulio <giulio@gmx.com>
Date: Tue, 29 Jun 2021 13:15:14 +0200
Subject: [PATCH] Added separation between external/internal in
 qdb_forward_entries

---
 qubes/firewall.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/qubes/firewall.py b/qubes/firewall.py
index 6011a659..a89e3eee 100644
--- a/qubes/firewall.py
+++ b/qubes/firewall.py
@@ -694,7 +694,10 @@ class Firewall:
         directly separate forwarding rules from standard rules since they need
         to be handled differently later.
         '''
-        entries = {}
+        entries = {
+            "internal": [],
+            "external": []
+        }
         if addr_family is not None:
             exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6'
         for ruleno, rule in zip(itertools.count(), self.rules):
@@ -706,5 +709,10 @@ class Firewall:
             # include only forwarding rules
             if rule.action != "forward":
                 continue
-            entries['{:04}'.format(ruleno)] = rule.rule
+            if rule.forwardtype == "internal":
+                entries["internal"]['{:04}'.format(ruleno)] = rule.rule
+            elif rule.forwardype == "external":
+                entries["external"]['{:04}'.format(ruleno)] = rule.rule
+            else:
+                raise ValueError('invalid forwardtype for rule')
         return entries