Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f8c40aa0f7
core-agent-linux/vm-systemd/network-proxy-setup.sh
Marek Marczykowski-Górecki 715693b93d
network: IPv6-enabled firewall 
If IPv6 is configured in the VM, and it is providing network to others,
apply IPv6 firewall similar to the IPv4 one (including NAT for outgoing
traffix), instead of blocking everything. Also, enable IP forwarding for
IPv6 in such a case.

Fixes QubesOS/qubes-issues#718
2017-12-07 01:41:55 +01:00

29 lines
1.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Setup gateway for all the VMs this netVM is serviceing...
network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then
if [ -e /proc/sys/kernel ] && ! [ -e /proc/sys/kernel/modules_disabled ]; then
readonly modprobe_fail_cmd='true'
else
readonly modprobe_fail_cmd='false'
fi
gateway=$(qubesdb-read /qubes-netvm-gateway)
gateway6=$(qubesdb-read /qubes-netvm-gateway6 ||:)
#netmask=$(qubesdb-read /qubes-netvm-netmask)
primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
modprobe netbk 2> /dev/null || modprobe xen-netback || "${modprobe_fail_cmd}"
echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
/usr/lib/qubes/qubes-setup-dnat-to-ns
echo "1" > /proc/sys/net/ipv4/ip_forward
# enable also IPv6 forwarding, if IPv6 is enabled
if [ -n "$gateway6" ]; then
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
fi
/sbin/ethtool -K eth0 sg off || true
fi
Reference in New Issue View Git Blame Copy Permalink