Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'qubesos/pr/95'

Browse Source 
* qubesos/pr/95:
  Add /etc/qubes path
  Add qubes-firewall.d feature
This commit is contained in:
Marek Marczykowski-Górecki 2018-02-14 13:57:02 +01:00
commit 68304ef9f5
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
qubesagent/firewall.py
View File

@ -62,6 +62,19 @@ class FirewallWorker(object):
'''Apply rules in given source address''' '''Apply rules in given source address'''
raise NotImplementedError raise NotImplementedError
def run_firewall_dir(self):
'''Run scripts dir contents, before user script'''
script_dir_paths = ['/etc/qubes/qubes-firewall.d',
'/rw/config/qubes-firewall.d']
for script_dir_path in script_dir_paths:
if not os.path.isdir(script_dir_path):
continue
for d_script in sorted(os.listdir(script_dir_path)):
d_script_path = os.path.join(script_dir_path, d_script)
if os.path.isfile(d_script_path) and \
os.access(d_script_path, os.X_OK):
subprocess.call([d_script_path])
def run_user_script(self): def run_user_script(self):
'''Run user script in /rw/config''' '''Run user script in /rw/config'''
user_script_path = '/rw/config/qubes-firewall-user-script' user_script_path = '/rw/config/qubes-firewall-user-script'
@ -140,6 +153,7 @@ class FirewallWorker(object):
def main(self): def main(self):
self.terminate_requested = False self.terminate_requested = False
self.init() self.init()
self.run_firewall_dir()
self.run_user_script() self.run_user_script()
# initial load # initial load
for source_addr in self.list_targets(): for source_addr in self.list_targets():