Inicio Explorar Axuda
Iniciar sesión
Qubes
/
core-agent-linux
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

firewall: allow also related traffic

This include ICMP error messages for allowed traffic.

Fixes QubesOS/qubes-issues#3406
Marek Marczykowski-Górecki %!s(int64=6) %!d(string=hai) anos
pai
3a83623647
achega
c324b16252
Modificáronse 2 ficheiros con 3 adicións e 3 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      qubesagent/firewall.py
  2. 2 2
      qubesagent/test_firewall.py

+ 1 - 1
qubesagent/firewall.py
Ver ficheiro 

@@ -556,7 +556,7 @@ class NftablesWorker(FirewallWorker):
 
             '  chain forward {{\n'
 
             '    type filter hook forward priority 0;\n'
 
             '    policy drop;\n'
 
-            '    ct state established accept\n'
 
+            '    ct state established,related accept\n'
 
             '  }}\n'
 
             '}}\n'
 
         )

+ 2 - 2
qubesagent/test_firewall.py
Ver ficheiro 

@@ -430,14 +430,14 @@ class TestNftablesWorker(TestCase):
 
             '  chain forward {\n'
 
             '    type filter hook forward priority 0;\n'
 
             '    policy drop;\n'
 
-            '    ct state established accept\n'
 
+            '    ct state established,related accept\n'
 
             '  }\n'
 
             '}\n'
 
             'table ip6 qubes-firewall {\n'
 
             '  chain forward {\n'
 
             '    type filter hook forward priority 0;\n'
 
             '    policy drop;\n'
 
-            '    ct state established accept\n'
 
+            '    ct state established,related accept\n'
 
             '  }\n'
 
             '}\n'
 
         ])