core-agent-linux/network
Marek Marczykowski-Górecki 68b61c2c6d
network: setup anti-spoofing firewall rules before enabling the interface
Previously, enabling the interface was the first action in the setup
steps. Linux theoretically does not forward the traffic until a proper
IP address and route are added to the interface (depending on the rp_filter
setting). But instead of relying on this opaque behavior, better set up
anti-spoofing rules earlier. Also, add 'set -o pipefail' for more
reliable error handling.

Note the rules for actual VM traffic (qvm-firewall) are properly
enforced - until those rules are loaded, traffic from the appropriate vif
interface is blocked. But this relies on a proper source IP address,
anti-spoofing rules need to be set up race-free.

Reported-by: Demi M. Obenour <demiobenour@gmail.com>
2020-11-10 15:46:22 -05:00
..
30-qubes-external-ip network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
80-qubes.conf Stop Debian templates from forwarding by default. 2018-02-06 23:10:28 +00:00
ip6tables Update rule priorities for anti-spoofing 2020-01-10 09:19:32 +01:00
ip6tables-enabled firewall: drop INVALID state TCP packets 2020-01-24 19:01:00 +01:00
iptables firewall: drop INVALID state TCP packets 2020-01-24 19:01:00 +01:00
iptables-updates-proxy network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
Makefile Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
network-manager-prepare-conf-dir Refactor and handle new network qubesdb configuration 2019-06-18 18:49:42 +02:00
nm-30-qubes.conf Configure NetworkManager to keep /etc/resolv.conf as plain file 2016-09-15 01:26:35 +02:00
qubes-fix-nm-conf.sh Fix regex in qubes-fix-nm-conf.sh 2020-07-28 16:02:34 +02:00
qubes-iptables Fixes issue #3939 2018-05-31 14:02:15 -04:00
qubes-nmhook network: reload DNS only on "up" event from NetworkManager 2018-02-10 22:12:44 +01:00
qubes-setup-dnat-to-ns network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
qvm-connect-tcp Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
setup-ip setup-ip: fallback to legacy if nmcli is no present 2020-04-17 15:29:40 +02:00
show-hide-nm-applet.desktop Fix show-hide-nm-applet.desktop - use OnlyShowIn=X-QUBES 2015-09-03 00:43:54 +02:00
show-hide-nm-applet.sh network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
tinyproxy-updates.conf tinyproxy: support rsync for Gentoo 2020-08-04 12:24:09 +02:00
tinyproxy-wrapper Split items in misc directory by topic 2020-02-04 23:59:09 +00:00
udev-qubes-network.rules Refactor and handle new network qubesdb configuration 2019-06-18 18:49:42 +02:00
update-proxy-configs archlinux: improve pacman proxy implementation 2020-10-29 00:11:06 -03:00
updates-blacklist (redo) updates-proxy: explicitly block connection looping back to the proxy IP 2017-09-15 05:00:05 +02:00
vif-qubes-nat.sh network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
vif-route-qubes network: setup anti-spoofing firewall rules before enabling the interface 2020-11-10 15:46:22 -05:00