Skip to content

Commit

Permalink
Do not generate R3 compat firewall rules if R4 format is supported
Browse files Browse the repository at this point in the history
R3 format had limitation of ~40 rules per VM. Do not generate compat
rules (possibly hitting that limitation) if new format, free of that
limitation is supported.

Fixes QubesOS/qubes-issues#1570
Fixes QubesOS/qubes-issues#4228
  • Loading branch information
marmarek committed Oct 15, 2018
1 parent e8dc6cb commit 133219f
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions qubes/ext/r3compatibility.py
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ def on_firewall_changed(self, vm, event):

def write_iptables_qubesdb_entry(self, firewallvm):
# pylint: disable=no-self-use
# skip compatibility rules if new format support is advertised
if firewallvm.features.check_with_template('qubes-firewall', False):
return
firewallvm.untrusted_qdb.rm("/qubes-iptables-domainrules/")
iptables = "# Generated by Qubes Core on {0}\n".format(
datetime.datetime.now().ctime())
Expand Down

0 comments on commit 133219f

Please sign in to comment.