Information
ID: 466
PHID: PHID-TASK-gak2fvp3cfkuw6uwj2o3
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
TODO:
make sys-whonix function as Qubes FirewallVM
Blocker:
Waiting for Qubes ticket "Implement new firewall dom0->VM interface" to be implemented.
Forum discussion:
https://forums.whonix.org/t/sys-whonix-does-not-yet-function-was-qubes-firewallvm
A sys-whonix currently does its job as a ProxyVM, but not as a FirewallVM. It currently ignores QubesDB qubes-iptables entries.
- Therefore, for example, any TemplateVM using sys-whonix as its NetVM does not block the TemplateVM from using the open (torified) internet. (T372) (That will be solved once "set NetVM of TemplateVMs to none by default / make TemplateVMs non-networked by default" gets implemented.)
- Additional firewall rules in the 'Firewall rules' tab are ignored.
Any suggestion on how to implement it without re-inventing qubes-core-agent-linux/network/qubes-firewall? Or refactoring the Qubes code so Whonix can just call the required portion of it?
Related:
Comments
marmarek
2016-01-19 02:07:51 UTC
Patrick
2016-10-05 21:38:57 UTC
marmarek
2016-10-05 23:18:29 UTC
Patrick
2016-10-08 17:22:13 UTC