persistance of change by iptables for portforwarding
32 views
Skip to first unread message
lik...@gmx.de
Oct 5, 2019, 10:35:37 AM10/5/19
to qubes...@googlegroups.com
Hi!
I found a script to ease the setup of port forwarding, which uses iptables:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b
Can anyone assess how persistant these changes are? I've noticed that internal qube IPs as well IPs in my private networks change, so that I'm not sure whether the changes applied by the script above will
- survive a reboot of qubes?
- survive a reboot of netvm?
- survive a rebbot of the AppVm which is used as routing target?
Thxs in advance! Pete.
I found a script to ease the setup of port forwarding, which uses iptables:
https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b
Can anyone assess how persistant these changes are? I've noticed that internal qube IPs as well IPs in my private networks change, so that I'm not sure whether the changes applied by the script above will
- survive a reboot of qubes?
- survive a reboot of netvm?
- survive a rebbot of the AppVm which is used as routing target?
Thxs in advance! Pete.
Chris Laprise
Oct 5, 2019, 11:42:17 AM10/5/19
to lik...@gmx.de, qubes...@googlegroups.com
following:
/rw/config/qubes-ip-change-hook
/rw/config/qubes-firewall.d
/rw/config/qubes-firewall-user-script
The qubes-firewall.d is a directory where you can add multiple scripts.
See https://www.qubes-os.org/doc/config-files/
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
lik...@gmx.de
Oct 6, 2019, 5:47:47 PM10/6/19
to qubes...@googlegroups.com
On 2019-10-05 16:42, Chris Laprise wrote:
- iptables-save
- iptables
are not persistent and will be gone after reboot of qubes/AppVm/NetVm, right? I'd like to know whether it's necessary to clean up every time or whether a reboot is sufficient to clear the port forwarding.
> On 10/5/19 10:35 AM, liked2-Mm...@public.gmane.org wrote:
>> Hi!
>>
>> I found a script to ease the setup of port forwarding, which uses iptables:
>> https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b
>>
>> Can anyone assess how persistant these changes are? I've noticed that internal qube IPs as well IPs in my private networks change, so that I'm not sure whether the changes applied by the script above will
>> - survive a reboot of qubes?
>> - survive a reboot of netvm?
>> - survive a rebbot of the AppVm which is used as routing target?
>>
>> Thxs in advance! Pete.
>>
>
> Depending on the type of VM you probably want to modify one of the following:
>
> /rw/config/qubes-ip-change-hook
> /rw/config/qubes-firewall.d
> /rw/config/qubes-firewall-user-script
>
> The qubes-firewall.d is a directory where you can add multiple scripts.
>
> See https://www.qubes-os.org/doc/config-files/
>
This means that the used tools in the script like
>> Hi!
>>
>> I found a script to ease the setup of port forwarding, which uses iptables:
>> https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b
>>
>> Can anyone assess how persistant these changes are? I've noticed that internal qube IPs as well IPs in my private networks change, so that I'm not sure whether the changes applied by the script above will
>> - survive a reboot of qubes?
>> - survive a reboot of netvm?
>> - survive a rebbot of the AppVm which is used as routing target?
>>
>> Thxs in advance! Pete.
>>
>
> Depending on the type of VM you probably want to modify one of the following:
>
> /rw/config/qubes-ip-change-hook
> /rw/config/qubes-firewall.d
> /rw/config/qubes-firewall-user-script
>
> The qubes-firewall.d is a directory where you can add multiple scripts.
>
> See https://www.qubes-os.org/doc/config-files/
>
- iptables-save
- iptables
are not persistent and will be gone after reboot of qubes/AppVm/NetVm, right? I'd like to know whether it's necessary to clean up every time or whether a reboot is sufficient to clear the port forwarding.
Chris Laprise
Oct 8, 2019, 6:13:45 PM10/8/19
to lik...@gmx.de, qubes...@googlegroups.com
Anything done from /rw/config will be swept away when the VM shuts down.
However, if you read the doc there is also an option to use /etc (i.e.
if you want to add the script to the template and have all the dependent
VMs run it).
Reply all
Reply to author
Forward
0 new messages