diff --git a/network/qubes_firewall b/network/qubes_firewall index 81dbca7..30670b8 100755 --- a/network/qubes_firewall +++ b/network/qubes_firewall @@ -12,13 +12,20 @@ echo $$ >$PIDFILE trap 'exit 0' SIGTERM +FIRST_TIME=yes + while true; do echo "1" > /proc/sys/net/ipv4/ip_forward - # Wait for changes in xenstore file - /usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES - TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) + if [ "$FIRST_TIME" ]; then + FIRST_TIME= + TRIGGER=reload + else + # Wait for changes in xenstore file + /usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES + TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) + fi if ! [ "$TRIGGER" = "reload" ]; then continue ; fi diff --git a/network/qubes_netwatcher b/network/qubes_netwatcher index afd7cda..2512f73 100755 --- a/network/qubes_netwatcher +++ b/network/qubes_netwatcher @@ -18,14 +18,14 @@ while true; do # thus, no sanitization ready # but be careful when passing it to other shell scripts if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then - /sbin/service qubes_firewall stop - /sbin/service qubes_firewall start + /sbin/service qubes-firewall stop + /sbin/service qubes-firewall start CURR_NETCFG="$UNTRUSTED_NETCFG" /usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG" fi - /usr/bin/xenstore-watch-qubes /local/domain/$NET_DOMID/qubes_netvm_external_ip + /usr/bin/xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes_netvm_external_ip qubes_netvm_domid else - /usr/bin/xenstore-watch-qubes qubes_netvm_domid + /usr/bin/xenstore-watch -n 2 qubes_netvm_domid fi done diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index f02cdcc..c11b699 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -411,8 +411,8 @@ The Qubes core startup configuration for SysV init (or upstart). /etc/init.d/qubes_core /etc/init.d/qubes_core_appvm /etc/init.d/qubes_core_netvm -/etc/init.d/qubes_firewall -/etc/init.d/qubes_netwatcher +/etc/init.d/qubes-firewall +/etc/init.d/qubes-netwatcher %post sysvinit @@ -443,8 +443,8 @@ chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!" chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!" chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!" -chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!" +chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes_core!" # TODO: make this not display the silly message about security context... sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab @@ -455,8 +455,8 @@ if [ "$1" = 0 ] ; then chkconfig qubes_core off chkconfig qubes_core_netvm off chkconfig qubes_core_appvm off - chkconfig qubes_firewall off - chkconfig qubes_netwatcher off + chkconfig qubes-firewall off + chkconfig qubes-netwatcher off fi %package systemd diff --git a/vm-init.d/qubes_firewall b/vm-init.d/qubes-firewall similarity index 100% rename from vm-init.d/qubes_firewall rename to vm-init.d/qubes-firewall diff --git a/vm-init.d/qubes_netwatcher b/vm-init.d/qubes-netwatcher similarity index 100% rename from vm-init.d/qubes_netwatcher rename to vm-init.d/qubes-netwatcher