Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
cc68f165bc
core-agent-linux/network/ip6tables
Marek Marczykowski-Górecki 57a3c2d67e
network: have safe fallback in case of qubes-firewall crash/error 
When qubes-firewall service is started, modify firewall to have "DROP"
policy, so if something goes wrong, no data got leaked.
But keep default action "ACCEPT" in case of legitimate service stop, or
not starting it at all - because one may choose to not use this service
at all.
Achieve this by adding "DROP" rule at the end of QBS-FIREWALL chain and
keep it there while qubes-firewall service is running.

Fixes QubesOS/qubes-issues#3269
2017-11-20 01:56:14 +01:00

11 lines
252 B
Plaintext
Raw Blame History

# Generated by ip6tables-save v1.4.14 on Tue Sep 25 16:00:20 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:QBS-FORWARD - [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -j QBS-FORWARD
COMMIT
# Completed on Tue Sep 25 16:00:20 2012
Reference in New Issue View Git Blame Copy Permalink