QubesOS
/
qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove iptables config

Browse Source 
Dom0 have no network at all, it isn't needed.
pull/1/head mm_5035fc7e
Marek Marczykowski-Górecki 9 years ago
parent 2866196dad
commit 5035fc7eed
3 changed files with 0 additions and 42 deletions
Show Stats Download Patch File Download Diff File

4
rpm_spec/core-dom0-linux.spec
Unescape View File

@ -130,8 +130,6 @@ cp -r dracut/modules.d/* $RPM_BUILD_ROOT%{_dracutmoddir}/
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -m 0644 -D system-config/limits-qubes.conf $RPM_BUILD_ROOT/etc/security/limits.d/99-qubes.conf
install -D system-config/cpufreq-xen.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/cpufreq-xen.modules
cp system-config/iptables $RPM_BUILD_ROOT/etc/sysconfig
cp system-config/ip6tables $RPM_BUILD_ROOT/etc/sysconfig
install -m 0440 -D system-config/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
install -D system-config/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
install -D system-config/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
@ -248,8 +246,6 @@ chmod -x /etc/grub.d/10_linux
/usr/lib64/pm-utils/sleep.d/52qubes-pause-vms
/usr/lib/systemd/system/qubes-suspend.service
# Others
/etc/sysconfig/iptables
/etc/sysconfig/ip6tables
/etc/sysconfig/modules/qubes-dom0.modules
/etc/sysconfig/modules/cpufreq-xen.modules
/etc/sudoers.d/qubes

8
system-config/ip6tables
Unescape View File

@ -1,8 +0,0 @@
# Generated by ip6tables-save v1.4.14 on Tue Sep 25 16:00:20 2012
*filter
:INPUT DROP [1:72]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Tue Sep 25 16:00:20 2012

30
system-config/iptables
Unescape View File

@ -1,30 +0,0 @@
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
*nat
:PREROUTING ACCEPT [85:5912]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
:PR-QBS-SERVICES - [0:0]
-A PREROUTING -j PR-QBS
-A PREROUTING -j PR-QBS-SERVICES
-A POSTROUTING -o vif+ -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Sep 6 08:57:46 2010
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
*filter
:INPUT ACCEPT [168:11399]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [128:12536]
-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o vif+ -j DROP
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -j DROP
COMMIT
# Completed on Mon Sep 6 08:57:46 2010
Write Preview
Loading…
Cancel
Save