Qubes-OS socket connection to allow external connections

qvm-portfwd-socat

NetVM=$1
TargetVM=$2
Service=$3
TCP_Port=$4
wasrunning=$(qvm-ls | grep $TargetVM | grep -i RUNNING)
echo -ne "TCP socket connection for $Service from $NetVM to $TargetVM on port $TCP_Port...\nPress Any Key to End\n\n"

trap cleanup 1 2 3 6 15
cleanup() {
#       qvm-run -p -u root $NetVM "iptables-save | grep -v 'SOCAT_PortFwd-$Service' | iptables-restore"
        qvm-run -p -u root $NetVM "nft delete rule ip qubes custom-input handle \$(nft -a list ruleset | grep SOCAT_PortFwd | head -1 | awk '{print \$NF}')"
        qvm-run -p -u root $NetVM "pkill -HUP -f 'socat -d -d TCP-LISTEN:$TCP_Port'"
        qvm-run -p -u root $TargetVM "pkill -HUP -f 'tail -f /home/user/.config/$Service/$Service.log'"
        if [ -z "$wasrunning" ] ; then qvm-shutdown $TargetVM ; fi
}

qvm-start --skip-if-running $TargetVM
#qvm-run -p -u root $NetVM "iptables -A INPUT -p tcp --dport $TCP_Port -m conntrack --ctstate NEW -j ACCEPT -m comment --comment 'SOCAT_PortFwd-$Service'"
qvm-run -p -u root $NetVM "nft add rule ip qubes custom-input tcp dport $TCP_Port ct state new counter accept comment SOCAT_PortFwd"
qvm-run -p -u root $NetVM "socat -d -d TCP-LISTEN:$TCP_Port,reuseaddr,fork EXEC:'qrexec-client-vm $TargetVM $Service'" &
qvm-run -p -u root $TargetVM "tail -f /home/user/.config/$Service/$Service.log 2>/dev/null" &

read -p ""

cleanup
sleep 5

exit 0

Dear @Joeviocoe also for this script: Are the changes persistent upon next reboot or even beyond that?