Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed default policy handling in firewall rules

Browse Source
This commit is contained in:
Tomasz Sterna 2011-03-18 14:12:19 +01:00
parent d82001819d
commit aa58bec1d9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dom0/qvm-core/qubes.py
View File

@ -1189,12 +1189,12 @@ class QubesProxyVm(QubesNetVm):
reject_action = "REJECT --reject-with icmp-host-prohibited" reject_action = "REJECT --reject-with icmp-host-prohibited"
if conf["allow"]: if conf["allow"]:
rules_action = accept_action default_action = accept_action
default_action = reject_action rules_action = reject_action
iptables += "-A FORWARD -i vif{0}.0 -p icmp -j ACCEPT\n".format(xid) iptables += "-A FORWARD -i vif{0}.0 -p icmp -j ACCEPT\n".format(xid)
else: else:
rules_action = reject_action default_action = reject_action
default_action = accept_action rules_action = accept_action
for rule in conf["rules"]: for rule in conf["rules"]:
iptables += "-A FORWARD -i vif{0}.0 -d {1}".format(xid, rule["address"]) iptables += "-A FORWARD -i vif{0}.0 -d {1}".format(xid, rule["address"])