Reset iptables ACCEPT rule for updates proxy if service is running

2017-02-11 02:11:53 +00:00 · 2017-02-11 02:11:53 +00:00 · 59b025a652
commit 59b025a652
parent 7787d39b6e
1 changed files with 4 additions and 0 deletions
--- a/network/qubes-firewall
+++ b/network/qubes-firewall
@ -51,6 +51,10 @@ while true; do
 		DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || :
 	fi

+	if [ `systemctl is-active qubes-updates-proxy` = "active" ]; then
+		iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+	fi
+
 	# Check if user didn't define some custom rules to be applied as well...
 	[ -x /rw/config/qubes-firewall-user-script ] && /rw/config/qubes-firewall-user-script
 	# XXX: Backward compatibility