From a262574f85b6e773340a39f8e6342a84cec508e7 Mon Sep 17 00:00:00 2001
From: Christopher Laprise
Date: Tue, 13 Feb 2018 17:38:14 -0500
Subject: [PATCH 1/2] Add qubes-firewall.d feature
---
 qubesagent/firewall.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index 6145804..170c15d 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -62,6 +62,17 @@ class FirewallWorker(object):
 '''Apply rules in given source address'''
 raise NotImplementedError
 
+ def run_firewall_dir(self):
+ '''Run scripts dir contents, before user script'''
+ script_dir_path = '/rw/config/qubes-firewall.d'
+ if not os.path.isdir(script_dir_path):
+ return
+ for d_script in sorted(os.listdir(script_dir_path)):
+ d_script_path = os.path.join(script_dir_path, d_script)
+ if os.path.isfile(d_script_path) and \
+ os.access(d_script_path, os.X_OK):
+ subprocess.call([d_script_path])
+
 def run_user_script(self):
 '''Run user script in /rw/config'''
 user_script_path = '/rw/config/qubes-firewall-user-script'
@@ -140,6 +151,7 @@ class FirewallWorker(object):
 def main(self):
 self.terminate_requested = False
 self.init()
+ self.run_firewall_dir()
 self.run_user_script()
 # initial load
 for source_addr in self.list_targets():
From 10aee73bd718693106c6690e5c8c1cecb991ae94 Mon Sep 17 00:00:00 2001
From: Christopher Laprise
Date: Tue, 13 Feb 2018 23:39:28 -0500
Subject: [PATCH 2/2] Add /etc/qubes path
---
 qubesagent/firewall.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index 170c15d..4b8c3b3 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -64,14 +64,16 @@ class FirewallWorker(object):
 
 def run_firewall_dir(self):
 '''Run scripts dir contents, before user script'''
- script_dir_path = '/rw/config/qubes-firewall.d'
- if not os.path.isdir(script_dir_path):
- return
- for d_script in sorted(os.listdir(script_dir_path)):
- d_script_path = os.path.join(script_dir_path, d_script)
- if os.path.isfile(d_script_path) and \
- os.access(d_script_path, os.X_OK):
- subprocess.call([d_script_path])
+ script_dir_paths = ['/etc/qubes/qubes-firewall.d',
+ '/rw/config/qubes-firewall.d']
+ for script_dir_path in script_dir_paths:
+ if not os.path.isdir(script_dir_path):
+ continue
+ for d_script in sorted(os.listdir(script_dir_path)):
+ d_script_path = os.path.join(script_dir_path, d_script)
+ if os.path.isfile(d_script_path) and \
+ os.access(d_script_path, os.X_OK):
+ subprocess.call([d_script_path])
 
 def run_user_script(self):
 '''Run user script in /rw/config'''
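Review bot: `subprocess.call([d_script_path])` in the inner loop of `run_firewall_dir()` discards the script's exit status and does not catch the `OSError` raised when the exec itself fails (for example a file with the executable bit set but no usable interpreter line); the same call is in the first patch's version of this loop. Because the first patch calls `run_firewall_dir()` from `main()` ahead of `run_user_script()` and the initial load, an uncaught exception here would presumably stop the worker before any rules are applied, and a drop-in that fails part-way leaves no trace. The loop also runs every executable regular file it finds, so package leftovers or editor backups in `/etc/qubes/qubes-firewall.d` would be executed as well, and `os.path.isfile` follows symlinks; the docstring should state that both directories must be writable only by the account this worker runs as, or the loop should check owner and mode before executing. The fence shows the error handling only; how a failure is reported should follow whatever logging the module already uses.

```python
for d_script in sorted(os.listdir(script_dir_path)):
    d_script_path = os.path.join(script_dir_path, d_script)
    # … unchanged: os.path.isfile / os.access(X_OK) test …
        try:
            status = subprocess.call([d_script_path])
        except OSError as err:
            # exec failed; keep going so the remaining drop-ins and the
            # rule load in main() still run
            status = err
        if status != 0:
            # report d_script_path and status with the module's existing
            # logging convention
            pass
```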