Allow network traffic/internet from Whonix Gateway Guest & deny from Host

Hi everyone,

I would like to know what’s the best way to setup Whonix on Linux (& maybe Mac) so that ONLY Whonix has access to the Internet & the Host OS by default does not. It would also help if the host could temporarily be given access for updates.


No one documented that yet to my knowledge. TODO development:
Wouldn’t hold my breath for it though.

good idea , never found that OS tho. but i would ask why dont we modify for e.g debian jessie as the host OS and inside of it already installed kvm with whonix workstation and gateway by default in this modified debian, and all of that in one image .ova . and sure this debian can only be updated and also its isolated from all programs which has an outside traffic.

if this step going to be achieved , i think its going to be even more secure theoretically than whonix+qubes, because qubes OS case we r depending on another OS which has its own problems which may affect whonix anonymity. because they didnt design it to support whonix , and we r having this issue with all hosting OSs to whonix, because there is no OS which i know designed to support whonix by default.

so i think this step is very important to make an entire OS presenting anonymity within itself without depending (even by installation) on another OS (like a parasite).

Because… Too few contributors. Too much work. Unrealistic.

Some more write up from my side about the host operating system: