mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-10-01 01:05:39 -04:00
firewall rule: remove DNS rule (was only needed in Qubes 3)
parent
050c4706e3
commit
5fdcaae7e8
4
rules.ml
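--- a/rules.ml
+++ b/rules.ml
@@ -96,10 +96,6 @@ let translate_accepted_packets dns_client packet =
 (** Packets from the private interface that don't match any NAT table entry are being checked against the fw rules here *)
 let from_client dns_client (packet : ([`Client of Fw_utils.client_link], _) Packet.t) : Packet.action Lwt.t =
 match packet with
-| { dst = `Firewall; transport_header = `UDP header; _ } ->
-if header.Udp_packet.dst_port = dns_port
-then Lwt.return @@ `NAT_to (`NetVM, dns_port)
-else Lwt.return @@ `Drop "packet addressed to client gateway"
 | { dst = `External _ ; _ } | { dst = `NetVM; _ } -> translate_accepted_packets dns_client packet
 | { dst = `Firewall ; _ } -> Lwt.return @@ `Drop "packet addressed to firewall itself"
 | { dst = `Client _ ; _ } -> classify_client_packet dns_client packet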