Traffic monitoring and better control

Replying from a new account since I didn’t keep the credentials to the old one.

Thanks @HulaHoop for your response. I’ve used tcpdump so far in a Workstation; all packets are (as expected) between the Workstation and the Gateway, and it is not easy to find the destination IP. Running it with -A shows HTTP requests with the destination IP; however, parsing it will probably be less easy with other applications. I suspect I will have a similar issue with Wireshark.

No intention to solve all of those issues, certainly not battle an adversary that monitors the entire internet.

Without advanced means, malware would need to be very clever indeed to adapt itself to specific destinations that it can manipulate, if such exist in the list (for example, to send info through its own ProtonMail account).

Recent example: the exploit on Electrum, where users were prompted through its messaging system to download a new version, and then the malware was downloaded. This exploit could not have worked with the same ease in a whitelisted environment.

Qubes already provides an easily editable firewall.

Can we consider building a similar (basic, simpler) functionality in VirtualBox Whonix-Gateway?

OK. I am wary, however, of messing with the Gateway’s iptables. Easier with http://ipset.netfilter.org/ ?