network: order qubes-firewall service before enabling IP forwarding
Start qubes-firewall (which will add a "DROP by default" rule) before enabling IP forwarding, to not leave a time slot where some connection could go around the configured firewall. QubesOS/qubes-issues#3269
parent 6b0013503b
commit 3fb258db47
@ -1,7 +1,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Qubes firewall updater
|
Description=Qubes firewall updater
|
||||||
ConditionPathExists=/var/run/qubes-service/qubes-firewall
|
ConditionPathExists=/var/run/qubes-service/qubes-firewall
|
||||||
After=qubes-network.service
|
After=qubes-iptables.service
|
||||||
|
Before=qubes-network.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/sbin/qubes-firewall
|
ExecStart=/usr/sbin/qubes-firewall
|
||||||
|
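Review bot: The added `Before=qubes-network.service` line only orders against the moment systemd considers qubes-firewall started, and the `[Service]` section visible in this hunk has just `ExecStart=/usr/sbin/qubes-firewall` with no `Type=`. If no `Type=` is set further down the file, the unit defaults to Type=simple, so qubes-network.service can be started as soon as the process is spawned, possibly before the "DROP by default" rule from the commit message is actually installed. Consider having qubes-firewall signal readiness after the rule is in place (for example Type=notify with a readiness notification), or state in the commit message why whatever qubes-iptables.service sets up already covers that window. Separately, `Before=` carries no requirement dependency: when `ConditionPathExists=/var/run/qubes-service/qubes-firewall` is not met or the service fails, qubes-network.service still starts, so it is worth documenting that this case is intended.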