Merge remote-tracking branch 'qubesos/pr/38'

* qubesos/pr/38: Reset iptables ACCEPT rule for updates proxy if service is running
2017-02-13 00:03:43 +01:00 · 2017-02-13 00:03:43 +01:00 · 961455657d
commit 961455657d
parent 08edfa630d 59b025a652
1 changed files with 4 additions and 0 deletions
--- a/network/qubes-firewall
+++ b/network/qubes-firewall
@ -51,6 +51,10 @@ while true; do
 		DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || :
 	fi

+	if [ `systemctl is-active qubes-updates-proxy` = "active" ]; then
+		iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+	fi
+
 	# Check if user didn't define some custom rules to be applied as well...
 	[ -x /rw/config/qubes-firewall-user-script ] && /rw/config/qubes-firewall-user-script
 	# XXX: Backward compatibility