From aa58bec1d9d5d1d5877ef7aa9f217b05ccd9d400 Mon Sep 17 00:00:00 2001
From: Tomasz Sterna
Date: Fri, 18 Mar 2011 14:12:19 +0100
Subject: [PATCH] Fixed default policy handling in firewall rules
---
 dom0/qvm-core/qubes.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 176673dd..dd36bfd4 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -1189,12 +1189,12 @@ class QubesProxyVm(QubesNetVm):
 reject_action = "REJECT --reject-with icmp-host-prohibited"
 if conf["allow"]:
- rules_action = accept_action
- default_action = reject_action
+ default_action = accept_action
+ rules_action = reject_action
 iptables += "-A FORWARD -i vif{0}.0 -p icmp -j ACCEPT\n".format(xid)
 else:
- rules_action = reject_action
- default_action = accept_action
+ default_action = reject_action
+ rules_action = accept_action
 for rule in conf["rules"]:
 iptables += "-A FORWARD -i vif{0}.0 -d {1}".format(xid, rule["address"])
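Review bot: Nothing at the `if conf["allow"]:` branch states that `conf["allow"]` is the default policy and that the entries in `conf["rules"]` are the exceptions to it, which is how the two assignments could sit inverted unnoticed (the removed lines gave the deny-by-default case an accepting default). I would add a comment above the branch, `# conf["allow"] is the default policy; conf["rules"] are exceptions and get the opposite action`. A regression test should also assert that with `allow` false the rules generated for the vif end in the reject action. The method starts and ends outside the hunk, so whether `default_action` is emitted after the per-rule loop cannot be confirmed from here. That ordering is worth checking, because iptables applies the first matching rule.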