Qubes Firewall + Whonix

Is the Qubes Firewall accessible through the VM Manager necessary to use with Whonix? What exactly does that firewall modify?

How does Whonix bypass that firewall? Even with ‘Deny all traffic…’ enabled, the Workstation still communicates with the Gateway.

Does Whonix function normally (same as non-Qubes versions) with the firewall set to ‘Accept all traffic…’ ?

This is not implemented.

Technical questions:

• Up to whom is implementing ‘Deny al traffic’? The VM itself? Or what else?
• How can a script from within the VM detect, that these setting is set?

Related:

• Qubes sys-whonix does not do its job as Qubes FirewallVM
• sys-whonix does not yet function was Qubes FirewallVM

IMO since Whonix sits on top of Qubes it should follow the Qubes trust model as much as possible. So, for example, the Whonix template VM should only allow access to the Whonix and Debian repositories because that is the trust model the main Fedora template uses. Of course, just like the Fedora template that can be overridden by the user manually by disabling the firewall or by installing packages manually. But the defaults should match between Whonix and Qubes.

There is no disagreement about this. There is just too many requests, too few volunteers.