8da2dd6957
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD.
#!/bin/sh
#
# chkconfig: 345 90 90
# description: Executes Qubes core scripts at VM boot
#
# SysV init script. start() links /home to the persistent /rw/home (seeding it
# from the template on the first boot), sets the hostname and network
# configuration read from xenstore, and runs the optional /rw/config/rc.local
# hook; stop() does nothing. Usage: $0 {start|stop}
#
# Source function library.
. /etc/rc.d/init.d/functions
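#######################################
# Bring the VM up: persistent /home, hostname, networking, local hook.
# Globals:   name, vmtype, gateway, netmask, network, ip, secondary_dns (written)
# Arguments: none
# Outputs:   progress messages on stdout; rewrites /etc/resolv.conf (non-NetVM)
# Returns:   0; exits 1 when /usr/bin/xenstore-read is missing
#######################################
start()
{
  echo -n $"Executing Qubes Core scripts:"

  # First boot: /rw/home does not exist yet, so move the template's /home
  # aside, create the persistent /rw layout and seed it with the "user" home.
  if ! [ -d /rw/home ] ; then
    echo
    echo "--> Virgin boot of the VM: Linking /home to /rw/home"
    mv /home /home.orig
    mkdir -p /rw/config
    mkdir -p /rw/home
    ln -s /rw/home/ /home
    # chcon --reference /home.orig /rw/home
    cp -a /home.orig/user /home
    touch /rw/config/rc.local
    rm -fr /home.orig
    touch /var/lib/qubes/first_boot_completed
  else
    # Persistent /home already exists: only re-point /home at it.
    mv /home /home.tmpl
    ln -s /rw/home/ /home
  fi

  if ! [ -x /usr/bin/xenstore-read ] ; then
    echo "ERROR: /usr/bin/xenstore-read not found!"
    exit 1
  fi

  # Identity and network parameters come from xenstore, i.e. from outside this
  # VM. Every expansion is quoted so a value can never be word-split or
  # glob-expanded into extra arguments of hostname/ifconfig/route/iptables.
  name=$(/usr/bin/xenstore-read name)
  hostname "$name"

  vmtype=$(/usr/bin/xenstore-read qubes_vm_type)

  # POSIX '=' rather than the bash-only '==': the shebang is /bin/sh.
  if [ "$vmtype" = 'NetVM' ] ; then
    # Setup gateway for all the VMs this netVM is servicing...
    brctl addbr br0
    gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
    netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
    network=$(/usr/bin/xenstore-read qubes_netvm_network)
    ifconfig br0 "$gateway" netmask "$netmask" up
    echo "1" > /proc/sys/net/ipv4/ip_forward
    dnsmasq
    iptables -t nat -A POSTROUTING -s "$network/$netmask" -j MASQUERADE
  else
    ip=$(/usr/bin/xenstore-read qubes_ip)
    netmask=$(/usr/bin/xenstore-read qubes_netmask)
    gateway=$(/usr/bin/xenstore-read qubes_gateway)
    secondary_dns=$(/usr/bin/xenstore-read qubes_secondary_dns)
    # Only configure eth0 when dom0 assigned an address (same test as the
    # old "x$ip != x" idiom, but safe for values containing spaces).
    if [ -n "$ip" ]; then
      /sbin/ifconfig eth0 "$ip" netmask "$netmask" up
      /sbin/route add default gw "$gateway"
      echo "nameserver $gateway" > /etc/resolv.conf
      echo "nameserver $secondary_dns" >> /etc/resolv.conf
    fi
  fi

  # Site-local hook. It runs with this script's privileges, so
  # /rw/config/rc.local should stay writable only by its creator (root).
  [ -x /rw/config/rc.local ] && /rw/config/rc.local
  success
  echo ""
  return 0
}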
#######################################
# Shutdown entry point. There is no teardown step; stop always succeeds.
# Returns:   0
#######################################
stop()
{
  :
  return 0
}
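# Dispatch on the init action. RETVAL is set explicitly from the handler's
# status: previously it was never assigned, so "exit $RETVAL" degraded to a
# bare "exit" (which only happened to propagate the last status and would
# fail outright under "set -u").
case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop}"
    exit 3
    ;;
esac

exit "$RETVAL"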