Merge remote-tracking branch 'origin/pr/282'

Fixes QubesOS/qubes-issues#6291 * origin/pr/282: Fix comments in default qubes-firewall-user-script
2021-01-03 04:20:04 +01:00 · 2021-01-03 04:20:04 +01:00 · 882059d494
commit 882059d494
parent ff86bf9fff c25513f930
1 changed files with 9 additions and 5 deletions
--- a/init/setup-rw.sh
+++ b/init/setup-rw.sh
@ -37,11 +37,15 @@ EOF
        cat > /rw/config/qubes-firewall-user-script <<EOF
 #!/bin/sh

-# This script is called in AppVMs after every firewall update (configuration
-# change, starting some VM etc). This is a good place to write own custom
-# firewall rules, in addition to autogenerated ones. Remember that in most cases
-# you'll need to insert the rules at the beginning (iptables -I) for it to be
-# effective.
+# This script is called at AppVM boot if this AppVM has the qubes-firewall
+# service enabled. It is executed after the empty chains for the Qubes firewall
+# are created, but before rules for attached qubes are processed and inserted.
+#
+# It is a good place for custom rules and actions that should occur when the
+# firewall service is started.
+# 
+# Executable scripts located in /rw/config/qubes-firewall.d are executed
+# immediately before this qubes-firewall-user-script.
 EOF
        chmod 755 /rw/config/qubes-firewall-user-script