Long time ago.
I cannot find this pull request anymore.
if [ -e /run/qubes/this-is-netvm ] || [ -e /run/qubes/this-is-proxyvm ]; then
## The same for squid from qubes-updates-cache, which runs as user vm-updates.
if getent passwd vm-updates > /dev/null; then
$nftables_cmd add rule inet nat output ip protocol udp skuid vm-updates ct state new counter dnat to "127.0.0.1:${DNS_PORT_GATEWAY}"
## TODO: IPv6: missing rule
$nftables_cmd add rule inet nat output ip protocol tcp skuid vm-updates ct state new counter dnat to "127.0.0.1:${TRANS_PORT_GATEWAY}"
## TODO: IPv6: missing
fi
fi
- I ported it from iptables to nftables but didn’t test it.
- TODO: IPv6: missing
- Possible to abolish all of it and use socks. (tinyproxy nowadays using socks)