Remove iptables config
Dom0 have no network at all, it isn't needed.
This commit is contained in:
parent
2866196dad
commit
5035fc7eed
@ -130,8 +130,6 @@ cp -r dracut/modules.d/* $RPM_BUILD_ROOT%{_dracutmoddir}/
|
|||||||
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
|
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
|
||||||
install -m 0644 -D system-config/limits-qubes.conf $RPM_BUILD_ROOT/etc/security/limits.d/99-qubes.conf
|
install -m 0644 -D system-config/limits-qubes.conf $RPM_BUILD_ROOT/etc/security/limits.d/99-qubes.conf
|
||||||
install -D system-config/cpufreq-xen.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/cpufreq-xen.modules
|
install -D system-config/cpufreq-xen.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/cpufreq-xen.modules
|
||||||
cp system-config/iptables $RPM_BUILD_ROOT/etc/sysconfig
|
|
||||||
cp system-config/ip6tables $RPM_BUILD_ROOT/etc/sysconfig
|
|
||||||
install -m 0440 -D system-config/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
|
install -m 0440 -D system-config/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
|
||||||
install -D system-config/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
|
install -D system-config/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
|
||||||
install -D system-config/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
|
install -D system-config/qubes-dom0.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes-dom0.modules
|
||||||
@ -248,8 +246,6 @@ chmod -x /etc/grub.d/10_linux
|
|||||||
/usr/lib64/pm-utils/sleep.d/52qubes-pause-vms
|
/usr/lib64/pm-utils/sleep.d/52qubes-pause-vms
|
||||||
/usr/lib/systemd/system/qubes-suspend.service
|
/usr/lib/systemd/system/qubes-suspend.service
|
||||||
# Others
|
# Others
|
||||||
/etc/sysconfig/iptables
|
|
||||||
/etc/sysconfig/ip6tables
|
|
||||||
/etc/sysconfig/modules/qubes-dom0.modules
|
/etc/sysconfig/modules/qubes-dom0.modules
|
||||||
/etc/sysconfig/modules/cpufreq-xen.modules
|
/etc/sysconfig/modules/cpufreq-xen.modules
|
||||||
/etc/sudoers.d/qubes
|
/etc/sudoers.d/qubes
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
# Generated by ip6tables-save v1.4.14 on Tue Sep 25 16:00:20 2012
|
|
||||||
*filter
|
|
||||||
:INPUT DROP [1:72]
|
|
||||||
:FORWARD DROP [0:0]
|
|
||||||
:OUTPUT ACCEPT [0:0]
|
|
||||||
-A INPUT -i lo -j ACCEPT
|
|
||||||
COMMIT
|
|
||||||
# Completed on Tue Sep 25 16:00:20 2012
|
|
@ -1,30 +0,0 @@
|
|||||||
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
|
|
||||||
*nat
|
|
||||||
:PREROUTING ACCEPT [85:5912]
|
|
||||||
:OUTPUT ACCEPT [0:0]
|
|
||||||
:POSTROUTING ACCEPT [0:0]
|
|
||||||
:PR-QBS - [0:0]
|
|
||||||
:PR-QBS-SERVICES - [0:0]
|
|
||||||
-A PREROUTING -j PR-QBS
|
|
||||||
-A PREROUTING -j PR-QBS-SERVICES
|
|
||||||
-A POSTROUTING -o vif+ -j ACCEPT
|
|
||||||
-A POSTROUTING -o lo -j ACCEPT
|
|
||||||
-A POSTROUTING -j MASQUERADE
|
|
||||||
COMMIT
|
|
||||||
# Completed on Mon Sep 6 08:57:46 2010
|
|
||||||
# Generated by iptables-save v1.4.5 on Mon Sep 6 08:57:46 2010
|
|
||||||
*filter
|
|
||||||
:INPUT ACCEPT [168:11399]
|
|
||||||
:FORWARD ACCEPT [0:0]
|
|
||||||
:OUTPUT ACCEPT [128:12536]
|
|
||||||
-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
|
|
||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
-A INPUT -p icmp -j ACCEPT
|
|
||||||
-A INPUT -i lo -j ACCEPT
|
|
||||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
|
||||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
-A FORWARD -i vif+ -o vif+ -j DROP
|
|
||||||
-A FORWARD -i vif+ -j ACCEPT
|
|
||||||
-A FORWARD -j DROP
|
|
||||||
COMMIT
|
|
||||||
# Completed on Mon Sep 6 08:57:46 2010
|
|
Loading…
Reference in New Issue
Block a user