Firewall outbound


709245782094578209435780924357809432578

Oct 2, 2016, 3:26:18 PM
to qubes-users
Hello,

I'd like to limit the VM network traffic to some specific IPs.

So I'd like to use the FW rules "deny network access except ..."

How can I see the blocked outbound traffic, so I can build up the firewall rules for this?

Can I also define IP ranges, so it will work more efficiently to block ranges in an easy way?

Kind Regards

Andrew David Wong

Oct 2, 2016, 5:53:12 PM
to 709245782094578209435780924357809432578, qubes-users

On 2016-10-02 12:26, 709245782094578209435780924357809432578 wrote:
> Hello,
>
> I'd like to limit the VM network traffic to some specific IPs.
>
> So I'd like to use the FW rules "deny network access except ..."
>
> How can I see the blocked outbound traffic, so I can build up the firewall rules for this?
>

You may need to use some kind of tool (tcpdump?) to monitor this.

> Can I also define IP ranges, so it will work more efficiently to block ranges in an easy way?
>

Yes, you can specify IP ranges, CIDR blocks, etc.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

raah...@gmail.com

Oct 2, 2016, 10:41:33 PM
to qubes-users, kerste...@gmail.com

Doesn't it go to dmesg or journalctl? I gave up trying to monitor every VM lol. Your VMs are gonna grow. I just stick to sys-net and firewall.

raah...@gmail.com

Oct 2, 2016, 10:47:26 PM
to qubes-users, kerste...@gmail.com, raah...@gmail.com

Actually, I wouldn't even run monitoring software in the firewall VM, only in sys-net.
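
Added example, not part of the thread and not Qubes OS code: one way to turn kernel firewall log lines (the kind read with dmesg or journalctl, as mentioned above) into candidate allow rules expressed as CIDR blocks. It assumes a netfilter LOG rule with the hypothetical prefix `FW-DROP: ` sits ahead of the deny rule; the log lines below are constructed samples using documentation-range addresses.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the kernel's netfilter LOG line format. "FW-DROP: " is
# a hypothetical --log-prefix; addresses are documentation-range placeholders.
SAMPLE_LOG = """\
[  812.10] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=198.51.100.4 LEN=60 PROTO=TCP SPT=40112 DPT=443 SYN
[  812.35] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40113 DPT=443 SYN
[  813.02] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=198.51.100.6 LEN=60 PROTO=TCP SPT=40114 DPT=443 SYN
[  813.40] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40115 DPT=443 SYN
[  813.41] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=198.51.100.4 LEN=60 PROTO=TCP SPT=40116 DPT=443 SYN
[  814.90] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=203.0.113.53 LEN=71 PROTO=UDP SPT=51820 DPT=53
[  815.00] FW-DROP: IN=vif5.0 OUT=eth0 SRC=10.137.2.15 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
[  815.20] audit: unrelated kernel message DST=192.0.2.99
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_drops(text, prefix="FW-DROP: "):
    """Count logged packets per (source, destination, protocol, dest port)."""
    hits = Counter()
    for line in text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue  # not written by our LOG rule
        f = dict(FIELD.findall(rest))
        try:
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        dpt = f.get("DPT", "")
        port = int(dpt) if dpt.isdigit() else None  # ICMP carries no DPT
        hits[(f.get("SRC"), dst, f.get("PROTO"), port)] += 1
    return hits

def suggest_allowlist(hits):
    """Merge logged destinations per service into exact CIDR blocks."""
    by_service = defaultdict(set)
    for _src, dst, proto, port in hits:
        by_service[(dst.version, proto, port)].add(dst)
    rules = []
    for (_ver, proto, port), addrs in sorted(by_service.items(), key=lambda kv: str(kv[0])):
        # collapse_addresses merges only adjacent addresses, so the result
        # never covers an address that was not seen in the log.
        for net in ipaddress.collapse_addresses(addrs):
            rules.append((str(net), proto, port))
    return rules

if __name__ == "__main__":
    print(suggest_allowlist(parse_drops(SAMPLE_LOG)))
```

Each suggested block still needs a manual check against what the VM is supposed to reach before it becomes an allow rule.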
