network: order qubes-firewall service before enabling IP forwarding
Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.
QubesOS/qubes-issues#3269
(cherry picked from commit 3fb258db47)
This commit is contained in:
Marek Marczykowski-Górecki
parent
78c1a22bbf
commit
ee16e5cecb
|
|
@ -1,7 +1,8 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Qubes firewall updater
|
Description=Qubes firewall updater
|
||||||
ConditionPathExists=/var/run/qubes-service/qubes-firewall
|
ConditionPathExists=/var/run/qubes-service/qubes-firewall
|
||||||
After=qubes-network.service
|
After=qubes-iptables.service
|
||||||
|
Before=qubes-network.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/sbin/qubes-firewall
|
ExecStart=/usr/sbin/qubes-firewall
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user