Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,211 Commits 1 Branch 0 Tags 34 MiB
Shell 45.2%
Python 29.7%
C 15.4%
Makefile 7.4%
desktop 0.7%
Other 1.6%
7d783b3010
Go to file
Peter Gerber 7d783b3010
Qubes firewall: correct syntax for icmpv6 rejects 
I've run into an issue with incorrectly generated rules for IPv6. I
added some debugging code printing the generated rules and the
resulting error (see below). Turns out "reject with" expects icmpv6
rather than icmp6.

--- generated rule ---

flush chain ip6 qubes-firewall qbs-fd09-24ef-4179--a89-15
table ip6 qubes-firewall {
  chain qbs-fd09-24ef-4179--a89-15 {
    ip6 daddr fc00::/8 reject with icmp6 type admin-prohibited
    ip6 daddr fd00::/8 reject with icmp6 type admin-prohibited
    ip6 daddr fe80::/10 reject with icmp6 type admin-prohibited
    accept
    reject with icmp6 type admin-prohibited
  }
}

--- output ---

/dev/stdin:4:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                   ^^^^^
/dev/stdin:5:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                   ^^^^^
/dev/stdin:6:37-41: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                    ^^^^^
/dev/stdin:8:17-21: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                ^^^^^
2018-05-07 22:39:22 +00:00
archlinux Create /etc/dconf/profile/user dynamically, if not present 2018-05-02 02:57:37 +02:00
autostart-dropins Enable gnome settings daemon xsettings plugin 2018-01-12 05:44:54 +01:00
ci tests: add run-tests script, plug it into travis 2017-05-20 13:20:08 +02:00
debian version 4.0.27 2018-05-02 05:05:33 +02:00
doc qrexec: add qrexec-client-vm --buffer-size option 2018-03-14 01:45:14 +01:00
init Use only /etc/skel to provision user's home directory of new VM 2018-04-13 00:35:08 +02:00
misc Change repository URLs to https 2018-04-21 23:13:13 +02:00
network network: make sure static NM configuration is created before NM start 2018-04-06 01:52:11 +02:00
patches.debian Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
pkgs archlinux: created build scripts 2013-04-17 01:22:32 +02:00
post-install.d Call qubes.PostInstall service to notify dom0 about all apps/features 2018-02-13 17:05:42 +01:00
qrexec Fix GCC8 warnings 2018-04-20 08:52:45 +02:00
qubes-rpc Move/Copy many files in one step via nautilus extension 2018-04-30 02:40:23 +02:00
qubesagent Qubes firewall: correct syntax for icmpv6 rejects 2018-05-07 22:39:22 +00:00
rpm_spec Require dconf utility to (re)build /etc/dconf/db/local 2018-05-02 03:02:07 +02:00
test-packages tests: add run-tests script, plug it into travis 2017-05-20 13:20:08 +02:00
vm-init.d Resize root filesystem at VM startup if needed 2017-10-18 21:02:15 +02:00
vm-systemd qubes-firewall: signal service readiness only after initial scripts 2018-04-20 16:38:25 +02:00
.coveragerc tests: add run-tests script, plug it into travis 2017-05-20 13:20:08 +02:00
.gitignore Update gitignore and make clean target 2018-04-20 16:27:26 +02:00
.travis.yml travis: add centos7 2018-05-01 15:20:53 +02:00
debian-quilt debian: fix shellcheck warnings in debian packaging 2017-09-30 05:05:33 +02:00
LICENSE Added LICENSE 2010-04-05 21:21:27 +02:00
Makefile Fix make clean 2018-05-02 04:48:51 +02:00
Makefile.builder Merge remote-tracking branch 'qubesos/pr/71' 2017-11-14 15:07:41 +01:00
run-tests Load only test_* files when looking for tests (python) 2018-04-02 23:19:02 +02:00
series-debian-vm.conf Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
setup.py network: rewrite qubes-firewall daemon 2016-09-12 05:22:53 +02:00
version version 4.0.27 2018-05-02 05:05:33 +02:00