network: use iptables-restore instead of iptables --wait
The latter is present only in the latest iptables versions - Debian in particular does not have it. But we still need to handle the "Device or resource busy" problem somehow.
parent
5176228abc
commit
2bfc6edddc
@ -47,17 +47,14 @@ domid=${domid/.*/}
|
||||
# 32752 is max XID aka domid
|
||||
metric=$[ 32752 - $domid ]
|
||||
|
||||
if iptables --help |grep -q -- --wait; then
|
||||
wait=--wait
|
||||
fi
|
||||
|
||||
if [ "${ip}" ] ; then
|
||||
# If we've been given a list of IP addresses, then add routes from dom0 to
|
||||
# the guest using those addresses.
|
||||
for addr in ${ip} ; do
|
||||
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
|
||||
done
|
||||
${cmdprefix} iptables $wait -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
|
||||
echo -e "*raw\n$iptables_cmd -i ${vif} ! -s ${ip} -j DROP\nCOMMIT" | \
|
||||
${cmdprefix} iptables-restore --noflush
|
||||
back_ip=`qubesdb-read /qubes-netvm-gateway`
|
||||
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
|
||||
fi
|
||||
|
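Review bot: The exit status of the `echo -e … | ${cmdprefix} iptables-restore --noflush` pipeline is not checked anywhere in this hunk, and the rule it loads is the source-address filter for the vif (`! -s ${ip} -j DROP` in the raw table), so a failed restore leaves the interface configured without that filter. iptables-restore can still fail, for example when another process changes the table before the commit, and whether the script runs under `set -e` or `${cmdprefix}` swallows errors is decided outside the hunk. On the add path I would fail closed by appending `|| exit 1` (or a short bounded retry) after `iptables-restore --noflush`. Separately, `echo -e` interprets backslash escapes in the expanded `${vif}` and `${ip}` values, so `printf '*raw\n%s -i %s ! -s %s -j DROP\nCOMMIT\n' "$iptables_cmd" "${vif}" "${ip}"` would keep them as data in the rule line.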