Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
be09476a65
core-agent-linux/qubesagent
History
Peter Gerber 7d783b3010
Qubes firewall: correct syntax for icmpv6 rejects 
I've run into an issue with incorrectly generated rules for IPv6. I
added some debugging code printing the generated rules and the
resulting error (see below). Turns out "reject with" expects icmpv6
rather than icmp6.

--- generated rule ---

flush chain ip6 qubes-firewall qbs-fd09-24ef-4179--a89-15
table ip6 qubes-firewall {
  chain qbs-fd09-24ef-4179--a89-15 {
    ip6 daddr fc00::/8 reject with icmp6 type admin-prohibited
    ip6 daddr fd00::/8 reject with icmp6 type admin-prohibited
    ip6 daddr fe80::/10 reject with icmp6 type admin-prohibited
    accept
    reject with icmp6 type admin-prohibited
  }
}

--- output ---

/dev/stdin:4:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                   ^^^^^
/dev/stdin:5:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                   ^^^^^
/dev/stdin:6:37-41: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                                    ^^^^^
/dev/stdin:8:17-21: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx

                ^^^^^
2018-05-07 22:39:22 +00:00
..
__init__.py network: rewrite qubes-firewall daemon 2016-09-12 05:22:53 +02:00
firewall.py Qubes firewall: correct syntax for icmpv6 rejects 2018-05-07 22:39:22 +00:00
test_firewall.py Qubes firewall: correct syntax for icmpv6 rejects 2018-05-07 22:39:22 +00:00
xdg.py Load only test_* files when looking for tests (python) 2018-04-02 23:19:02 +02:00