Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

network: order qubes-firewall service before enabling IP forwarding

Browse Source 
Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.

QubesOS/qubes-issues#3269
This commit is contained in:
Marek Marczykowski-Górecki 2017-11-20 02:42:39 +01:00
parent 6b0013503b
commit 3fb258db47
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
vm-systemd/qubes-firewall.service
View File

@ -1,7 +1,8 @@
[Unit]
Description=Qubes firewall updater
ConditionPathExists=/var/run/qubes-service/qubes-firewall
After=qubes-network.service
After=qubes-iptables.service
Before=qubes-network.service
[Service]
ExecStart=/usr/sbin/qubes-firewall