Page MenuHomePhabricator

use /etc/whonix_firewall.d/32_qubes rather than /etc/whonix_firewall.d/30_default
Closed, ResolvedPublic

Description

Use /etc/whonix_firewall.d/32_qubes rather than /etc/whonix_firewall.d/30_default. Otherwise users run into an dpkg interactive conflict resolution dialog next time Whonix is upgraded.

/etc/whonix_firewall.d is a .d Style Configuration Folder. So you can just drop your snippet and overrule existing settings.

Event Timeline

Patrick created this task.Feb 15 2015, 11:06 AM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix, Qubes.
Patrick renamed this task from use /etc/whonix_firewall.d/40_qubes rather than /etc/whonix_firewall.d/30_default to use /etc/whonix_firewall.d/32_qubes rather than /etc/whonix_firewall.d/30_default.Feb 15 2015, 11:38 AM
Patrick updated the task description. (Show Details)

/etc/whonix_firewall.d/30_default was identified by you as one of the configurations files that needed it IP address changed. The only change is to update the IP address to those of Qubes.

Should a complete copy of 40_qubes be written to 30_default and will that completely override 40_qubes?

Don't write to 30_default at all (or dpkg interactive conflict resolution dialog will pop up on update).

A complete copy is neither useful nor required.

Let's say for example 30_default contains CONTROL_PORT_FILTER_PROXY_ENABLE=1 and you dislike that setting. Then just create a file 40_something and the only code relevant line would be CONTROL_PORT_FILTER_PROXY_ENABLE=0. That's it. (Additional stuff: license header, comments for explanation.)

Then the CONTROL_PORT_FILTER_PROXY_ENABLE setting from 30_ default would never be used. Only the one from 40_something.

So just set the IP variable you want to override in the config file with the higher (lexical) name.

(I am not sure if 32_ or 40_ is best. https://www.whonix.org/forum/index.php/topic,841.msg6207.html#msg6207)

nrgaway closed this task as Resolved.Feb 16 2015, 8:51 AM
nrgaway claimed this task.

Removed /etc/whonix_firewall.d/30_default from the replace-ips scripts since all the IP addresses within 30_default are commented out which resolves the issue of modifying the file to begin with.

https://github.com/nrgaway/qubes-whonix/commit/f2678cf2de8ebde15a62929d5c1ea14d16a37008