core: do not reset firewal when setting netvm=none

It is no longer needed as qubesos/qubes-issues#862 is implemented.

core-modules/000QubesVm.py

@@ -430,16 +430,7 @@ class QubesVm(object):
                 if hasattr(self.netvm, 'post_vm_net_detach'):
                     self.netvm.post_vm_net_detach(self)
 
-        if new_netvm is None:
+        if new_netvm is not None:
-            if not self._do_not_reset_firewall:
-                # Set also firewall to block all traffic as discussed in #370
-                if os.path.exists(self.firewall_conf):
-                    shutil.copy(self.firewall_conf, os.path.join(system_path["qubes_base_dir"],
-                                "backup", "%s-firewall-%s.xml" % (self.name,
-                                time.strftime('%Y-%m-%d-%H:%M:%S'))))
-                self.write_firewall_conf({'allow': False, 'allowDns': False,
-                        'allowIcmp': False, 'allowYumProxy': False, 'rules': []})
-        else:
             new_netvm.connected_vms[self.qid]=self
 
         self._netvm = new_netvm

doc/qvm-tools/qvm-prefs.rst

@@ -44,8 +44,6 @@ netvm
 
     To which NetVM connect. Setting to ``default`` will follow system-global default NetVM (managed by qubes-prefs). Setting to ``none`` will disable networking in this VM.
 
-    *Notice:* when setting to ``none``, firewall will be set to block all traffic - it will be used by DispVM started from this VM. Setting back to some NetVM will _NOT_ restore previous firewall settings.
-
 dispvm_netvm
     Accepted values: netvm name, ``default``, ``none``