Get rid of /sbin/iptables from qubes_core in netvm

2010-06-04 13:28:29 +02:00 · 2010-06-04 13:28:29 +02:00 · a39beab0e6
commit a39beab0e6
parent 68919b0d37
2 changed files with 10 additions and 9 deletions
--- a/netvm/iptables
+++ b/netvm/iptables
@ -1,13 +1,15 @@
-# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
+# Generated by iptables-save v1.4.5 on Fri Jun  4 07:17:12 2010
 *nat
-:PREROUTING ACCEPT [2:362]
+:PREROUTING ACCEPT [8:818]
-:POSTROUTING ACCEPT [4:228]
+:POSTROUTING ACCEPT [1:84]
 :OUTPUT ACCEPT [0:0]
 -A POSTROUTING -o br+ -j ACCEPT
 -A POSTROUTING -j MASQUERADE
 COMMIT
-# Completed on Thu May 20 06:02:32 2010
+# Completed on Fri Jun  4 07:17:12 2010
-# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
+# Generated by iptables-save v1.4.5 on Fri Jun  4 07:17:12 2010
 *filter
-:INPUT ACCEPT [3:84]
+:INPUT ACCEPT [168:4704]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -i br+ -p udp -m udp --dport 68 -j DROP
@ -17,4 +19,4 @@ COMMIT
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -j DROP
 COMMIT
-# Completed on Thu May 20 06:02:32 2010
+# Completed on Fri Jun  4 07:17:12 2010
--- a/netvm/qubes_core
+++ b/netvm/qubes_core
@ -35,8 +35,7 @@ start()
 #now done by iptables rc script
 #    iptables -t nat -A POSTROUTING -s $network/$netmask -j MASQUERADE
 #no, we cannot put ip-dependent stuff in sysconfig/iptables
-    iptables -t nat -A POSTROUTING -s $network/$netmask -d 224.0.0.0/8 -j ACCEPT	
+#so make it ip-independent
    iptables -t nat -A POSTROUTING -s $network/$netmask \! -d $network/$netmask -j MASQUERADE	
 	success
 	echo ""
 	return 0