Home Explore Help
Sign In
Qubes
/
core-agent-linux
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

network: order qubes-firewall service before enabling IP forwarding

Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.

QubesOS/qubes-issues#3269
Marek Marczykowski-Górecki 6 years ago
parent
6b0013503b
commit
3fb258db47
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      vm-systemd/qubes-firewall.service

+ 2 - 1
vm-systemd/qubes-firewall.service
View File 

@@ -1,7 +1,8 @@
 
 [Unit]
 
 Description=Qubes firewall updater
 
 ConditionPathExists=/var/run/qubes-service/qubes-firewall
 
-After=qubes-network.service
 
+After=qubes-iptables.service
 
+Before=qubes-network.service
 
 
 [Service]
 
 ExecStart=/usr/sbin/qubes-firewall