From 1d7942e8ffdbb649d975e38dbbf282d28d87d902 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 15 Dec 2022 15:43:41 +0100
Subject: [dnbd3-proxy-mode/run-virt] Firewall: Whitelist dnbd3-servers if local caching is enabled

We patch the config to say 127.0.0.1 is the only dnbd3 server, discarding the actually configured servers. This breaks the automatic whitelisting of the dnbd3 servers/proxies if a vm/course has firewalling enabled.
---
 .../dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy | 2 +-
 core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'core')
diff --git a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
index 6cadf63d..04cc9ba4 100755
--- a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
+++ b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
@@ -150,7 +150,7 @@ if [ -n "$islocal" ]; then
 # Use DNBD3 servers from openslx config and then patch it to say localhost
 add_alt_server '-' ${SLX_DNBD3_SERVERS}
- sed -i "s/^SLX_DNBD3_SERVERS=.*$/SLX_DNBD3_SERVERS='127.0.0.1'/" '/opt/openslx/config'
+ sed -i "s/^SLX_DNBD3_SERVERS=.*$/SLX_DNBD3_SERVERS='127.0.0.1'/;s/^SLX_DNBD3_FALLBACK=.*$/SLX_DNBD3_FALLBACK='${SLX_DNBD3_SERVERS} ${SLX_DNBD3_FALLBACK}'/" '/opt/openslx/config'
 else
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
index 51047a99..a1af17dc 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
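Review bot: The second sed expression in systemd-setup_dnbd3_proxy only rewrites an existing `SLX_DNBD3_FALLBACK=` line, so if /opt/openslx/config has no such line the real servers are still discarded and set-firewall has nothing to whitelist; whether that line is always present is not visible from this hunk. A guard before the sed, such as `grep -q '^SLX_DNBD3_FALLBACK=' /opt/openslx/config || echo "SLX_DNBD3_FALLBACK=" >> /opt/openslx/config`, would cover that case. Both server lists are also interpolated unescaped into the sed program and into a single-quoted value in a file that appears to be shell-sourced, so a `/`, `&` or `'` in either variable would break the expression or the quoting; checking them against an address/hostname pattern first would be safer. The enclosing `if [ -n "$islocal" ]` block starts and ends outside the hunk.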
@@ -77,6 +77,7 @@ add_ips "IN" "127.0.0.0/8" 0 "ACCEPT"
 add_ips "OUT" "127.0.0.0/8" 0 "ACCEPT"
 add_ips "OUT" "$SLX_DNS" 53 "ACCEPT"
 add_ips "OUT" "$SLX_DNBD3_SERVERS" 5003 "ACCEPT"
+add_ips "OUT" "$SLX_DNBD3_FALLBACK" 5003 "ACCEPT"
 add_ips "OUT" "$SLX_KCL_SERVERS $SLX_SERVER_IP" 0 "ACCEPT"
 # sssd
-- cgit v1.2.3-55-g7522
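Review bot: The added `SLX_DNBD3_FALLBACK` rule has no comment saying why fallback servers need an egress rule, and the reason lives in a different script (systemd-setup_dnbd3_proxy moves the real servers into that variable when local caching is on). A comment above it such as `# With local caching SLX_DNBD3_SERVERS is 127.0.0.1; the real servers are in SLX_DNBD3_FALLBACK` would keep that coupling visible to whoever audits the allowlist. The rule also applies when local caching is off, so every configured fallback server becomes reachable on port 5003 from firewalled sessions; that looks intended but is worth stating in the comment. If entries can carry an explicit port, the fixed 5003 would not match them, a limitation the existing `SLX_DNBD3_SERVERS` line shares; add_ips itself is outside the hunk.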