diff options
author | Simon Rettberg | 2024-10-25 16:09:28 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-10-25 16:09:28 +0200 |
commit | ae94cbd3df96b84f2ec2964a156d5b09b3fb98b7 (patch) | |
tree | b6b1f0862809a6e73fd078d2b8bcba8e8d19fb1c | |
parent | kernel.config: Need IOMMUFD builtin, so VFIO can be builtin (diff) | |
download | mltk-ae94cbd3df96b84f2ec2964a156d5b09b3fb98b7.tar.gz mltk-ae94cbd3df96b84f2ec2964a156d5b09b3fb98b7.tar.xz mltk-ae94cbd3df96b84f2ec2964a156d5b09b3fb98b7.zip |
[run-virt] Fix blockall with no DNS rules
-rw-r--r-- | core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall index 3dd19778..64c8eaa8 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall @@ -215,7 +215,11 @@ if ! ( # BLOCK if [ "$DEST" = "*" ]; then # Special case: '*' - default rule, so BLOCK -> no default servers - [ -z "$blockall" ] && blockall=1 + if [ -s "$DNSCFG" ]; then + [ -z "$blockall" ] && blockall=1 + else + both=1 + fi else # A host - map to 0.0.0.0 echo "address=/$DEST/" >> "$DNSCFG" @@ -224,7 +228,11 @@ if ! ( # ACCEPT if [ "$DEST" = "*" ]; then # Special case: '*' - degault rule, so ACCEPT -> default servers - [ -z "$blockall" ] && blockall=0 + if [ -s "$DNSCFG" ]; then + [ -z "$blockall" ] && blockall=0 + else + both=1 + fi else # specifically map to our DNS servers for dnsip in $dnslist; do |