Marek Marczykowski-Górecki
b9e51f9ab3
network: use more strict policy about incoming traffic
...
Do not allow ICMP from uplink VM (or the outside world). Also do not
send ICMP icmp-host-prohibited to the uplink.
Fixes QubesOS/qubes-issues#1346
2015-12-30 02:09:23 +01:00
Marek Marczykowski-Górecki
4c3d5a46c2
firewall: replace deprecated "state" iptables module with "conntrack"
2014-03-28 02:56:43 +01:00
Marek Marczykowski
4b98106732
dom0+vm/iptables: add PR-QBS-SERVICES chain in PREROUTING nat table
...
Additional chain for some qubes-related redirections. BTW PR-QBS should be
renamed now to PR-QBS-DNS...
2012-05-31 03:11:43 +02:00
Marek Marczykowski
b5fff2564f
vm/iptables: do not MASQUERADE packets on lo ( #416 )
...
Masquerading packets on lo actually drops them when there is no default route.
This causes problems with commutication between ntpd processes (ntp main
daemon and resolver). And perhaps many more...
2012-01-13 20:42:31 +01:00
Marek Marczykowski
240d35259f
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00