I’m trying to understand Qubes internals about networking. I noticed there is this nftables chain “dnat-dns” set at startup.
I cannot find which script / behaviour sets this chain at startup.
Help?
When the main interface is initialized by the qubes-network-uplink systemd service, the /usr/lib/qubes/setup-ip script is started.
This script does a lot of things, but what you are looking for is when it reaches the configure_qubes_ns function. It runs /usr/lib/qubes/qubes-setup-dnat-to-ns which creates the dnat-dns chain and sets the correct values.
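The call chain described in the answer above can be recovered by searching backwards from the chain name. This is an added example, not part of the original posts and not Qubes' own code; the function names, the sample tree, the unit file name and the file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# trace_refs NEEDLE DEPTH DIR...
# Print "NEEDLE <- FILE" for every file under DIR... that mentions NEEDLE,
# then repeat the search with each file's own name, up to DEPTH hops.
trace_refs() {
    local needle=$1 depth=$2 f
    shift 2
    [ "$depth" -gt 0 ] || return 0
    { grep -rlwF -- "$needle" "$@" 2>/dev/null || true; } | sort -u |
    while IFS= read -r f; do
        # A file that mentions its own name is not a caller of itself.
        [ "$(basename "$f")" = "$needle" ] && continue
        printf '%s <- %s\n' "$needle" "$f"
        trace_refs "$(basename "$f")" "$((depth - 1))" "$@"
    done
}

# Constructed sample tree mirroring the chain described in the answer.
# File contents are placeholders (assumptions), not the real Qubes scripts.
make_sample_tree() {
    local root=$1
    mkdir -p "$root/usr/lib/qubes" "$root/usr/lib/systemd/system"
    printf '%s\n' '# placeholder: creates the dnat-dns chain' \
        > "$root/usr/lib/qubes/qubes-setup-dnat-to-ns"
    printf '%s\n' 'configure_qubes_ns() {' \
        '    /usr/lib/qubes/qubes-setup-dnat-to-ns' '}' \
        > "$root/usr/lib/qubes/setup-ip"
    printf '%s\n' '[Service]' 'ExecStart=/usr/lib/qubes/setup-ip' \
        > "$root/usr/lib/systemd/system/qubes-network-uplink.service"
}

# Example on a live system (the directory list is an assumption):
#   ./trace.sh dnat-dns 3 /usr/lib/qubes /usr/lib/systemd/system /etc/systemd/system
if [ "$#" -ge 3 ]; then
    trace_refs "$@"
fi
```

Each output line reads "string <- file that mentions it", so following the lines downward walks from the chain name to the script that creates it, to its caller, to the unit that starts the caller.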
Interesting! How could I have found this script myself? Is it called at startup by systemd?