From a262574f85b6e773340a39f8e6342a84cec508e7 Mon Sep 17 00:00:00 2001
From: Christopher Laprise <tasket@protonmail.com>
Date: Tue, 13 Feb 2018 17:38:14 -0500
Subject: [PATCH] Add qubes-firewall.d feature

---
 qubesagent/firewall.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index 6145804..170c15d 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -62,6 +62,17 @@ class FirewallWorker(object):
         '''Apply rules in given source address'''
         raise NotImplementedError
 
+    def run_firewall_dir(self):
+        '''Run scripts dir contents, before user script'''
+        script_dir_path = '/rw/config/qubes-firewall.d'
+        if not os.path.isdir(script_dir_path):
+            return
+        for d_script in sorted(os.listdir(script_dir_path)):
+            d_script_path = os.path.join(script_dir_path, d_script)
+            if os.path.isfile(d_script_path) and \
+                    os.access(d_script_path, os.X_OK):
+                subprocess.call([d_script_path])
+
     def run_user_script(self):
         '''Run user script in /rw/config'''
         user_script_path = '/rw/config/qubes-firewall-user-script'
@@ -140,6 +151,7 @@ class FirewallWorker(object):
     def main(self):
         self.terminate_requested = False
         self.init()
+        self.run_firewall_dir()
         self.run_user_script()
         # initial load
         for source_addr in self.list_targets():