Custom firewall rules on host

Hello, everybody! :slightly_smiling_face:

Just wondering what specific host iptables rules are absolutely necessary for the Whonix-External and Whonix-Internal networks to operate normally. Any rules beyond those added by libvirt I would like to remove for more security and control.

I’ve carefully read the libvirt iptables documentation but still remain unsure as to what I can remove or alter.

The shipped configs are the barebones absolutely needed to get things functional. Libvirt does support extra rules for security and filtering between machines but I chose not to use them to minimize attack surface and keep things simple. To ensure guest safety/separation one is advised to simply create another isolated network based on the internal config and not bother with anything else.