diff --git a/qubes-network-server.spec b/qubes-network-server.spec index 7ec6c35..f0c2642 100644 --- a/qubes-network-server.spec +++ b/qubes-network-server.spec @@ -3,7 +3,7 @@ %define mybuildnumber %{?build_number}%{?!build_number:1} Name: qubes-network-server -Version: 0.0.7 +Version: 0.0.8 Release: %{mybuildnumber}%{?dist} Summary: Turn your Qubes OS into a network server BuildArch: noarch diff --git a/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py b/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py index f319f00..df56f40 100644 --- a/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py +++ b/src/usr/lib64/python2.7/site-packages/qubes/modules/001FortressQubesVm.py @@ -106,7 +106,7 @@ class QubesVm(OriginalQubesVm): def start_qrexec_daemon(self, verbose=False, notify_function=None): ret = OriginalQubesVm.start_qrexec_daemon(self, verbose=verbose, notify_function=notify_function) - if self.type not in ['AppVM', 'HVM']: + if self.type in ['AppVM', 'HVM']: self.deploy_appvm_firewall(verbose=verbose, notify_function=notify_function) self.adjust_proxy_arp(verbose=verbose, notify_function=notify_function) self.adjust_own_firewall_rules() @@ -396,6 +396,19 @@ class QubesVm(OriginalQubesVm): f.close() def deploy_appvm_firewall(self, verbose = False, notify_function=None): + # FIXME FIXME FIXME! + # + # Finish porting all code here that sets rules in AppVMs to + # use this daemon instead, so that rules can be configured + # to work properly without bullshit of any kind. + # + # See 007FortressQubesProxyVm.py code for where that may + # happen, as well as any place where FORTRESS-INPUT appears + # or is involved. + # + # Maybe: templatize qubes-appvm-firewall so that the template + # can take the name of the chain and the name of the key + # from this upstream program which deploys it into VMs. def n(msg): if notify_function: notify_function("info", msg)