From 59b025a652b109f6b6a14d10ad573dc688d80e76 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Sat, 11 Feb 2017 02:11:53 +0000
Subject: [PATCH] Reset iptables ACCEPT rule for updates proxy if service is
 running

---
 network/qubes-firewall | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/network/qubes-firewall b/network/qubes-firewall
index 8ee2df1..ccef4a0 100755
--- a/network/qubes-firewall
+++ b/network/qubes-firewall
@@ -51,6 +51,10 @@ while true; do
 		DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || :
 	fi
 
+	if [ `systemctl is-active qubes-updates-proxy` = "active" ]; then
+		iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+	fi
+
 	# Check if user didn't define some custom rules to be applied as well...
 	[ -x /rw/config/qubes-firewall-user-script ] && /rw/config/qubes-firewall-user-script
 	# XXX: Backward compatibility