From 459b9800ea58d83d0e4595bd3c7c3b265cfdc79d Mon Sep 17 00:00:00 2001 From: Giulio Date: Fri, 20 Aug 2021 15:30:40 +0200 Subject: [PATCH] Fixes rules --- Readme.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Readme.md b/Readme.md index 2fa2104..f594c43 100644 --- a/Readme.md +++ b/Readme.md @@ -163,7 +163,7 @@ It is important to note that in the last case, it is just a standard case of int ### Implementation Roadmap - 1. ✔️ In `core-admin-client/qubesadmin/firewall.py` firewall.py > The code + 1. ✔️ In `core-admin-client/qubesadmin/firewall.py` firewall.py -> The code needs to support the new options for the rule (action=forward frowardtype= srcports=443-443 srchosts=0.0.0.0/0 2. ✔️ In `core-admin/qubes/firewall.py` -> The code needs to support the same @@ -177,6 +177,7 @@ building the correct syntax for iptables or nft and the actual execution 5. ❌ Tests 6. ❌ GUI + Steps 1-3 are completed and needs the automated test. Step 4 has still some issues but it is in its final stages. 5 will be worked on in the following weeks, since it is mandatory before merging anything. 6 can come at a later stage. ### Known Issues @@ -209,12 +210,9 @@ $ qvm-firewall personal add action=forward forwardtype=external scrports=22-22 p First, a table for the forwarding rules is created: ``` -flush chain {family} qubes-firewall-forward prerouting -flush chain {family} qubes-firewall-forward postrouting table {family} qubes-firewall-forward { chain postrouting { type nat hook postrouting priority srcnat; policy accept; - masquerade } chain prerouting { type nat hook prerouting priority dstnat; policy accept;
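Review bot: in the first hunk (Readme.md line 163), the corrected line still repeats the file name after the path ("`core-admin-client/qubesadmin/firewall.py` firewall.py -> The code"), and the unchanged line below it keeps `frowardtype=` and an opening parenthesis that is never closed before step 2. The example command further down spells the option `forwardtype`. Since step 1 is being edited anyway, drop the duplicate file name, correct the option spelling, and close the parenthesis so the roadmap matches the example.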
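Review bot: the status paragraph in the second hunk (Readme.md line 177 onward) still reads "Steps 1-3 are completed and needs the automated test" and refers to the remaining steps as a bare "5" and "6", which is easy to misread next to the numbered list directly above it. The added blank line is fine for rendering, but the same commit could fix the wording ("are completed and need automated tests", "Step 5", "Step 6").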
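Review bot: in the third hunk (Readme.md line 209 onward), the two `flush chain {family} qubes-firewall-forward ...` lines and the `masquerade` rule are removed with no explanation in the README or in the commit message ("Fixes rules"), and both removals change behaviour. Without the flush lines, loading this template into a table that already exists adds to the chains instead of replacing their contents, so the text should say how stale forwarding rules are cleared (for example by deleting the table before recreating it). Without `masquerade`, the postrouting chain shown here is left with only `policy accept`, so the README should state whether source NAT for forwarded traffic is handled elsewhere or is intentionally not needed, and drop the chain from the example if it no longer has a purpose. The example command in the hunk header also spells the option `scrports`, while the roadmap uses `srcports`.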