From 5035fc7eed26d70f5b595fe93f45a1b30f91e2b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Mon, 23 Mar 2015 12:32:04 +0100
Subject: [PATCH] Remove iptables config

Dom0 have no network at all, it isn't needed.
---
 rpm_spec/core-dom0-linux.spec | 4 ----
 system-config/ip6tables | 8 --------
 system-config/iptables | 30 ------------------------------
 3 files changed, 42 deletions(-)
 delete mode 100644 system-config/ip6tables
 delete mode 100644 system-config/iptables

diff --git a/rpm_spec/core-dom0-linux.spec b/rpm_spec/core-dom0-linux.spec
index 426d530..9f7c129 100644
--- a/rpm_spec/core-dom0-linux.spec
+++ b/rpm_spec/core-dom0-linux.spec
@@ -130,8 +130,6 @@ cp -r dracut/modules.d/* $RPM_BUILD_ROOT%{_dracutmoddir}/
 mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
 install -m 0644 -D system-config/limits-qubes.conf $RPM_BUILD_ROOT/etc/security/limits.d/99-qubes.conf
 install -D system-config/cpufreq-xen.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/cpufreq-xen.modules
-cp system-config/iptables $RPM_BUILD_ROOT/etc/sysconfig
-cp system-config/ip6tables $RPM_BUILD_ROOT/etc/sysconfig
 install -m 0440 -D system-config/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
 install -D system-config/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
 install -D system-config/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
@@ -248,8 +246,6 @@ chmod -x /etc/grub.d/10_linux
 /usr/lib64/pm-utils/sleep.d/52qubes-pause-vms
 /usr/lib/systemd/system/qubes-suspend.service
 # Others
-/etc/sysconfig/iptables
-/etc/sysconfig/ip6tables
 /etc/sysconfig/modules/qubes-dom0.modules
 /etc/sysconfig/modules/cpufreq-xen.modules
 /etc/sudoers.d/qubes
diff --git a/system-config/ip6tables b/system-config/ip6tables
deleted file mode 100644
index 8a906f5..0000000
--- a/system-config/ip6tables
+++ /dev/null
@@ -1,8 +0,0 @@
-# Generated by ip6tables-save v1.4.14 on Tue Sep 25 16:00:20 2012
-*filter
-:INPUT DROP [1:72]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i lo -j ACCEPT
-COMMIT
-# Completed on Tue Sep 25 16:00:20 2012
diff --git a/system-config/iptables b/system-config/iptables
deleted file mode 100644
index a23bb82..0000000
--- a/system-config/iptables
+++ /dev/null
@@ -1,30 +0,0 @@
-# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
-*nat
-:PREROUTING ACCEPT [85:5912]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:PR-QBS - [0:0]
-:PR-QBS-SERVICES - [0:0]
--A PREROUTING -j PR-QBS
--A PREROUTING -j PR-QBS-SERVICES
--A POSTROUTING -o vif+ -j ACCEPT
--A POSTROUTING -o lo -j ACCEPT
--A POSTROUTING -j MASQUERADE
-COMMIT
-# Completed on Mon Sep 6 08:57:46 2010
-# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
-*filter
-:INPUT ACCEPT [168:11399]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [128:12536]
--A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -i vif+ -o vif+ -j DROP
--A FORWARD -i vif+ -j ACCEPT
--A FORWARD -j DROP
-COMMIT
-# Completed on Mon Sep 6 08:57:46 2010