Firewall Broken
50 views
Skip to first unread message
qub...@tutanota.com
Jan 22, 2017, 1:18:15 PM1/22/17
to Qubes Users
Qubes 3.2
Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
Any ideas
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
Any ideas
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
Unman
Jan 22, 2017, 3:55:59 PM1/22/17
to qub...@tutanota.com, Qubes Users
On Sun, Jan 22, 2017 at 07:18:13PM +0100, qub...@tutanota.com wrote:
> Qubes 3.2
> Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
> Any ideas
>
Do you have the qube connected to a firewall, or directly to sys-net?
> Qubes 3.2
> Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
> Any ideas
>
If the latter, then sys-net (by default) does not implement the Qubes
firewall.
If the former, open a console in the firewall and look at the relevant
rules :
iptables -L -nv
Are there rules allowing the traffic from the relevant IP in the FORWARD
chain?
Try changing the netvm for the relevant qube - make sure the iptables
rules change on the firewall. Then try reconnecting.
You can do this on command line using:
qvm-prefs <name> netvm -s none
and
qvm-prefs <name> netvm -s <firewall>
Andrew David Wong
Jan 23, 2017, 7:45:51 AM1/23/17
to Unman, qub...@tutanota.com, Qubes Users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-01-22 12:55, Unman wrote:
> On Sun, Jan 22, 2017 at 07:18:13PM +0100, qub...@tutanota.com wrote:
>> Qubes 3.2
>> Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
>> Any ideas
>>
>
> Do you have the qube connected to a firewall, or directly to sys-net?
>
Adding to this: If the VM is connected directly to sys-whonix, the
same symptoms will occur. This is a known issue.
> If the latter, then sys-net (by default) does not implement the Qubes
> firewall.
>
> If the former, open a console in the firewall and look at the relevant
> rules :
> iptables -L -nv
> Are there rules allowing the traffic from the relevant IP in the FORWARD
> chain?
>
> Try changing the netvm for the relevant qube - make sure the iptables
> rules change on the firewall. Then try reconnecting.
> You can do this on command line using:
> qvm-prefs <name> netvm -s none
> and
> qvm-prefs <name> netvm -s <firewall>
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYhfryAAoJENtN07w5UDAwbxoP/2EmhcRJUwdgwyHMA/4rajAE
w7rUuED0T29SizNRVQeZHgfFP5AYvhks2cY/9KTurvs1rvV6G7UdTOTHkAGcMypQ
9HHxwG8RMlDOTCFFulKd54oXM56+5HDtUFWUTAfx6jrPHl/FGjNSEv1GwTCSO5V8
hkDHoPfdppFI5zn+P0MLgEs4crXo6nNhqwDjn312ydCPnHLAdABj2X1pGeRrdomU
HiB4rvElRtImURzV3jd2xi9zM2klF9xOFFyHS6JSWFo26QPifjmauHm3VUjBjCvp
pQppmA62s2ztXoljv6CTAOwvR124nMuClxD8NKu1PpnpZ0ZpadoaesUw79tUfYUr
Kroj8rThVP1go8vSzY/YyO2d0v3Z8jpR+iDXJ1amyCGLjEEkBXHPlHQNqs8vFmGk
Uqiy3GvQGpDaI/LVHNuN2+MmfRKRSZ/1tnjtYvDf1dcl93EGBHKg/cO7XSdxaWF7
OaNUdHcZsylJbcJMNuZ/Z7ZGbhoK8wzBUAFXjTBgrnI1D2XjoGKydq7fqZncvUJG
128ip4MiMGpjvvjPzUYPqWaRvGgxk4dudDiPAW/RmmF5DcJZexIDVGmYz+9rlRoF
TZYF4b8oGJ6CvLc0VyKn8KGaceg8igzq7X3x0xvKsg12WQJBTqIvMqgj96un39/z
WRiTv5VWsyK7YgMeOo/l
=V2SG
-----END PGP SIGNATURE-----
Hash: SHA512
On 2017-01-22 12:55, Unman wrote:
> On Sun, Jan 22, 2017 at 07:18:13PM +0100, qub...@tutanota.com wrote:
>> Qubes 3.2
>> Have created new AppVM and within "firewall rules" restricted access using "deny access" to all websites [by leaving it blank] or just a single website. Bizarrely however,the firewall lets all traffic thro'
>> Any ideas
>>
>
> Do you have the qube connected to a firewall, or directly to sys-net?
>
same symptoms will occur. This is a known issue.
> If the latter, then sys-net (by default) does not implement the Qubes
> firewall.
>
> If the former, open a console in the firewall and look at the relevant
> rules :
> iptables -L -nv
> Are there rules allowing the traffic from the relevant IP in the FORWARD
> chain?
>
> Try changing the netvm for the relevant qube - make sure the iptables
> rules change on the firewall. Then try reconnecting.
> You can do this on command line using:
> qvm-prefs <name> netvm -s none
> and
> qvm-prefs <name> netvm -s <firewall>
>
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYhfryAAoJENtN07w5UDAwbxoP/2EmhcRJUwdgwyHMA/4rajAE
w7rUuED0T29SizNRVQeZHgfFP5AYvhks2cY/9KTurvs1rvV6G7UdTOTHkAGcMypQ
9HHxwG8RMlDOTCFFulKd54oXM56+5HDtUFWUTAfx6jrPHl/FGjNSEv1GwTCSO5V8
hkDHoPfdppFI5zn+P0MLgEs4crXo6nNhqwDjn312ydCPnHLAdABj2X1pGeRrdomU
HiB4rvElRtImURzV3jd2xi9zM2klF9xOFFyHS6JSWFo26QPifjmauHm3VUjBjCvp
pQppmA62s2ztXoljv6CTAOwvR124nMuClxD8NKu1PpnpZ0ZpadoaesUw79tUfYUr
Kroj8rThVP1go8vSzY/YyO2d0v3Z8jpR+iDXJ1amyCGLjEEkBXHPlHQNqs8vFmGk
Uqiy3GvQGpDaI/LVHNuN2+MmfRKRSZ/1tnjtYvDf1dcl93EGBHKg/cO7XSdxaWF7
OaNUdHcZsylJbcJMNuZ/Z7ZGbhoK8wzBUAFXjTBgrnI1D2XjoGKydq7fqZncvUJG
128ip4MiMGpjvvjPzUYPqWaRvGgxk4dudDiPAW/RmmF5DcJZexIDVGmYz+9rlRoF
TZYF4b8oGJ6CvLc0VyKn8KGaceg8igzq7X3x0xvKsg12WQJBTqIvMqgj96un39/z
WRiTv5VWsyK7YgMeOo/l
=V2SG
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages