|
@@ -37,11 +37,15 @@ EOF
|
|
|
cat > /rw/config/qubes-firewall-user-script <<EOF
|
|
|
#!/bin/sh
|
|
|
|
|
|
-# This script is called in AppVMs after every firewall update (configuration
|
|
|
-# change, starting some VM etc). This is a good place to write own custom
|
|
|
-# firewall rules, in addition to autogenerated ones. Remember that in most cases
|
|
|
-# you'll need to insert the rules at the beginning (iptables -I) for it to be
|
|
|
-# effective.
|
|
|
+# This script is called at AppVM boot if this AppVM has the qubes-firewall
|
|
|
+# service enabled. It is executed after the empty chains for the Qubes firewall
|
|
|
+# are created, but before rules for attached qubes are processed and inserted.
|
|
|
+#
|
|
|
+# It is a good place for custom rules and actions that should occur when the
|
|
|
+# firewall service is started.
|
|
|
+#
|
|
|
+# Executable scripts located in /rw/config/qubes-firewall.d are executed
|
|
|
+# immediately before this qubes-firewall-user-script.
|
|
|
EOF
|
|
|
chmod 755 /rw/config/qubes-firewall-user-script
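Review bot: The new header comment (the `+` lines) drops the old ordering hint without a replacement, so a reader migrating custom rules cannot tell whether this script still runs on every firewall update or only once at service start. If it is no longer re-run on each update, as the new wording suggests, I would state that directly, for example `# This script is not re-run when firewall rules are updated later.`, and add a line on where custom rules should go relative to the generated chains. Separately, the context line `cat > /rw/config/qubes-firewall-user-script <<EOF` uses an unquoted delimiter, so any `$` or backtick later added to this template would be expanded at install time. The current text contains none, but `<<'EOF'` would keep the template literal.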
|
|
|
|