From d8533bd06199a6337a212ba7639d1880ef389a6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 4 Apr 2015 21:48:03 +0200 Subject: [PATCH] core: do not reset firewal when setting netvm=none It is no longer needed as qubesos/qubes-issues#862 is implemented. --- core-modules/000QubesVm.py | 11 +---------- doc/qvm-tools/qvm-prefs.rst | 2 -- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 1960f352..3393bd7e 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -430,16 +430,7 @@ class QubesVm(object): if hasattr(self.netvm, 'post_vm_net_detach'): self.netvm.post_vm_net_detach(self) - if new_netvm is None: - if not self._do_not_reset_firewall: - # Set also firewall to block all traffic as discussed in #370 - if os.path.exists(self.firewall_conf): - shutil.copy(self.firewall_conf, os.path.join(system_path["qubes_base_dir"], - "backup", "%s-firewall-%s.xml" % (self.name, - time.strftime('%Y-%m-%d-%H:%M:%S')))) - self.write_firewall_conf({'allow': False, 'allowDns': False, - 'allowIcmp': False, 'allowYumProxy': False, 'rules': []}) - else: + if new_netvm is not None: new_netvm.connected_vms[self.qid]=self self._netvm = new_netvm diff --git a/doc/qvm-tools/qvm-prefs.rst b/doc/qvm-tools/qvm-prefs.rst index f5f9c115..596fa9a2 100644 --- a/doc/qvm-tools/qvm-prefs.rst +++ b/doc/qvm-tools/qvm-prefs.rst @@ -44,8 +44,6 @@ netvm To which NetVM connect. Setting to ``default`` will follow system-global default NetVM (managed by qubes-prefs). Setting to ``none`` will disable networking in this VM. - *Notice:* when setting to ``none``, firewall will be set to block all traffic - it will be used by DispVM started from this VM. Setting back to some NetVM will _NOT_ restore previous firewall settings. - dispvm_netvm Accepted values: netvm name, ``default``, ``none``