Qubes Firewall + Whonix

Is the Qubes Firewall accessible through the VM Manager necessary to use with Whonix? What exactly does that firewall modify?

How does Whonix bypass that firewall? Even with ‘Deny all traffic…’ enabled, the Workstation still communicates with the Gateway.

Does Whonix function normally (same as non-Qubes versions) with the firewall set to ‘Accept all traffic…’?

This is not implemented.

Technical questions:

  • Up to whom is it to implement ‘Deny all traffic’? The VM itself? Or what else?
  • How can a script from within the VM detect that this setting is set?

Related:
https://phabricator.whonix.org/T372

IMO since Whonix sits on top of Qubes it should follow the Qubes trust model as much as possible. So, for example, the Whonix template VM should only allow access to the Whonix and Debian repositories because that is the trust model the main Fedora template uses. Of course, just like the Fedora template that can be overridden by the user manually by disabling the firewall or by installing packages manually. But the defaults should match between Whonix and Qubes.

There is no disagreement about this. There are just too many requests, too few volunteers.