suzanne.soy/qubes-core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b8e38c2f7f
qubes-core-agent-linux/vm-systemd/qubes-firewall.service
Marek Marczykowski-Górecki ee16e5cecb
network: order qubes-firewall service before enabling IP forwarding 
Start qubes-firewall (which will add "DROP by default" rule) before
enabling IP forwarding, to not leave a time slot where some connection
could go around configured firewall.

QubesOS/qubes-issues#3269

(cherry picked from commit 3fb258db47)
2017-12-13 03:40:43 +01:00

12 lines
242 B
Desktop File
Raw Blame History

[Unit]
Description=Qubes firewall updater
ConditionPathExists=/var/run/qubes-service/qubes-firewall
After=qubes-iptables.service
Before=qubes-network.service
[Service]
ExecStart=/usr/sbin/qubes-firewall
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink