diff --git a/network/vif-qubes-nat.sh b/network/vif-qubes-nat.sh index 1b38bbec..f69b047b 100755 --- a/network/vif-qubes-nat.sh +++ b/network/vif-qubes-nat.sh @@ -47,7 +47,7 @@ function netns run ip addr flush dev "$netns_appvm_if" run ip netns delete "$netns" || : -if test "$command" = online; then +if [[ "$command" = online ]]; then echo 1 > "/proc/sys/net/ipv6/conf/$netns_appvm_if/disable_ipv6" run ip netns add "$netns" run ip link set "$netns_appvm_if" netns "$netns" @@ -63,7 +63,7 @@ if test "$command" = online; then netns sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' - if test -n "$undetectable_netvm_ips"; then + if [[ -n "$undetectable_netvm_ips" ]]; then # prevent an AppVM connecting to its own ProxyVM IP because that makes the internal IPs detectable even with no firewall rules more_antispoof=" ip daddr != { $netvm_ip, $netvm_gw_ip, $netvm_dns1_ip, $netvm_dns2_ip }" else diff --git a/network/vif-route-qubes b/network/vif-route-qubes index 1bcb26d1..39a90633 100755 --- a/network/vif-route-qubes +++ b/network/vif-route-qubes @@ -227,7 +227,7 @@ $nftables_cmd element $ipt qubes downstream { $addr }" # "allowed" map fi -if [ "$command" = "online" ]; then +if [[ "$command" = "online" ]]; then ip link set dev "${vif}" group 2 up fi @@ -245,7 +245,7 @@ if [ "${ip}" ]; then network_hooks "${command}" "${vif}" "${addr}" done ${cmdprefix} ip addr "${ipcmd}" "${back_ip}/32" dev "${vif}" - if [ "${back_ip6}" ] && [[ "${back_ip6}" != "fe80:"* ]] && [[ "$ipv6_disabled" = '0' ]]; then + if [[ -n "${back_ip6}" ]] && [[ "${back_ip6}" != "fe80:"* ]] && [[ "$ipv6_disabled" = '0' ]]; then ${cmdprefix} ip addr "${ipcmd}" "${back_ip6}/128" dev "${vif}" echo 1 >"/proc/sys/net/ipv6/conf/${vif}/proxy_ndp" fi @@ -254,6 +254,6 @@ else fi log debug "Successful vif-route-qubes $command for $vif." -if [ "$command" = "online" ]; then +if [[ "$command" = "online" ]]; then success fi