Last active
October 24, 2020 19:32
Qubes RPC service generating a hosts file for a firewall VM
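#!/bin/bash
# qubes.GetHostsFile - RPC service for retrieving a hosts file
#
# This will emit a hosts file containing the addresses of all qubes
# directly connected to the qube calling the service.
#
# It can be used in firewall VMs to get name resolution for these VMs.
#
# Note that using this script might create an information leak: the
# calling qube learns the name and address of every qube attached to it.
# Only allow the call from qubes that are meant to know this.
#
# Be sure that you know what you are doing!
#
#
# Add this to /rw/config/rc.local in your firewall vm:
#
#   qrexec-client-vm dom0 qubes.GetHostsFile > /etc/hosts.new \
#     && mv /etc/hosts.new /etc/hosts
#
# The staging file lives next to /etc/hosts rather than under a fixed name
# in world-writable /tmp, so no unprivileged process can pre-create it and
# the final mv is a rename on the same filesystem. Because this service
# exits non-zero on failure, the && keeps the old /etc/hosts in that case.
#
# And allow the RPC by creating /etc/qubes-rpc/policy/qubes.GetHostsFile:
#
#   sys-firewall dom0 allow
#   $anyvm $anyvm deny
#
# (Newer Qubes releases spell the keyword @anyvm instead of $anyvm; use the
# form your release expects.)
#

# Name of the calling qube, as provided by qrexec. Fail closed when it is
# missing: without it the lookups below would run against an empty selector.
SELF="${QREXEC_REMOTE_DOMAIN:-}"
if [[ -z "$SELF" ]]; then
  echo "qubes.GetHostsFile: QREXEC_REMOTE_DOMAIN is not set" >&2
  exit 1
fi

# Address of the caller. Qubes whose gateway equals this address are the
# ones directly connected to it.
if ! ADDR="$(qvm-prefs "$SELF" ip)" || [[ -z "$ADDR" ]]; then
  echo "qubes.GetHostsFile: cannot determine the address of ${SELF}" >&2
  exit 1
fi

# Static entries every hosts file carries, plus the caller's own name.
echo "127.0.0.1 localhost ip4-localhost ip4-loopback"
echo "::1 localhost ip6-localhost ip6-loopback"
echo "ff02::1 ip6-allnodes"
echo "ff02::2 ip6-allrouters"
echo "127.0.1.1 ${SELF}"

# Select the qubes whose GATEWAY column is exactly the caller's address.
# The comparison is a literal string match on the field, so the dots of the
# address are not treated as regex wildcards and an unexpected value in ADDR
# cannot widen the selection. Rows with no gateway ("-") are skipped.
domains="$(qvm-ls --raw-data -O NAME,IP,GATEWAY \
  | awk -F'|' -v gw="$ADDR" '$3 != "-" && $3 == gw { print $1 }')"

# One name per line; read them without word splitting or globbing.
while IFS= read -r domain; do
  [[ -n "$domain" ]] || continue
  # Skip a qube whose address cannot be read instead of emitting a
  # malformed hosts line with an empty address field.
  address="$(qvm-prefs "$domain" ip)" || continue
  [[ -n "$address" ]] || continue
  echo "${address} ${domain}"
done <<< "$domains"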