Commit 08f9d2a

network: reload firewall rules on DNS change
When DNS changes (for example after switching network, or connecting VPN) it is possible that some names will resolve to different addresses. 2256411 "network: Update specialtarget=dns rules on DNS change" handled one specific case of DNS firewall rules specifically, change it to reloading the whole firewall instead. This also fixes the case where qubes-firewall is not enabled at all.

Fixes QubesOS/qubes-issues#10444
1 parent 5b41264 commit 08f9d2a

1 file changed

Lines changed: 5 additions & 4 deletions

network/qubes-setup-dnat-to-ns

@@ -142,10 +142,11 @@ def install_firewall_rules(dns):
142142
sys.exit(100)
143143

144144
if os.path.exists('/run/qubes-service/qubes-firewall'):
145-
rules.append("flush set ip qubes-firewall dns-addr")
146-
if len(dns_resolved) > 0:
147-
dns_ = ", ".join(str(addr) for addr in dns_resolved)
148-
rules.append(f"add element ip qubes-firewall dns-addr {{ {dns_} }}")
145+
subprocess.call(["systemctl",
146+
"--no-block",
147+
"try-reload-or-restart",
148+
"qubes-firewall.service"
149+
])
149150

150151
os.execvp("nft", ("nft", "--", "\n".join(preamble + rules)))
151152
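
Review bot: the return value of the added `subprocess.call(["systemctl", "--no-block", "try-reload-or-restart", "qubes-firewall.service"])` is discarded, and with `--no-block` the job is only queued, so the script goes straight on to `os.execvp("nft", ...)` with no indication of whether the firewall reload was accepted or has finished. Consider checking the exit status and writing a message to stderr on failure, and add a short comment explaining why `--no-block` is needed here, since it means firewall rules built from the old DNS answers can remain in place for a short time after the DNAT rules are updated. The commit touches only this hunk (5 additions), so also confirm that `subprocess` is already imported at the top of `network/qubes-setup-dnat-to-ns`.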
