For initial Whonix-Host release my plan is:
- no clearnet traffic allowed
- optional clearnet / captive portal will be sorted out in a later release or user documentation
- torified traffic for apt and sdwdate
- separate host Tor process, anon connection wizard
This is because the Whonix brand stands for “the all Tor operating system”. No exceptions. No IFs. That brand must not be damaged / confused / diluted.