From 9de77d7fe42dfd9171fe51f07823b45e8351c7fc Mon Sep 17 00:00:00 2001
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
Date: Fri, 9 Mar 2012 01:44:27 +0100
Subject: [PATCH] vm/qvm-firewall: force firewall reload on service start
 (#478)

This makes firewall reload triggered by qubes-netwatcher working again.
---
 network/qubes_firewall | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/network/qubes_firewall b/network/qubes_firewall
index 81dbca7..30670b8 100755
--- a/network/qubes_firewall
+++ b/network/qubes_firewall
@@ -12,13 +12,20 @@ echo $$ >$PIDFILE
 
 trap 'exit 0' SIGTERM
 
+FIRST_TIME=yes
+
 while true; do
 
 	echo "1" > /proc/sys/net/ipv4/ip_forward
 
-	# Wait for changes in xenstore file
-	/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES
-	TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES)
+	if [ "$FIRST_TIME" ]; then
+		FIRST_TIME=
+		TRIGGER=reload
+	else
+		# Wait for changes in xenstore file
+		/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES
+		TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES)
+	fi
 
 	if ! [ "$TRIGGER" = "reload" ]; then continue ; fi