IP List Import into FW?


0124704701472470247

Apr 21, 2017, 1:20:23 AM
to qubes-users
Hello,

How can I upload a whitelist of IP addresses for the firewall policy for inbound and outbound traffic in a simple and easy way?

Kind Regards

Unman

Apr 21, 2017, 1:20:50 PM
to 0124704701472470247, qubes-users
There are two approaches you can take:
Use qvm-prefs in dom0 to write rules (max of around 30 rules for a qube).
If you want to whitelist HTTP access, for example, put the addresses in a
file and run:

    for i in `cat addresses`; do qvm-firewall -an <name> $i tcp 80; done

This is fine for a small number of rules using a similar port (e.g.
whitelist 1 port or ALL, etc.)

For more complicated situations, you would probably be better to write
the rules in the firewall, and then reload them using
/rw/config/qubes-firewall-user-script
This will circumvent the size limit on the number of rules.

Another method would be to write the rules directly in the qube, and
apply them from /rw/config/rc.local
You could write the rules, and use iptables-save to store them in
/rw/config and then reload them from rc.local.

Really it depends on what you want to do with that whitelist and what
restrictions/permissions you want to set. For a simple case (block all
access except to these addresses), the first method is simplest.

unman
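
The first approach in the reply above feeds every token of the address file straight to a dom0 command. As an added example that is not part of the original thread, the script below checks each entry first and only prints the `qvm-firewall` commands for review. The names `valid_ipv4` and `whitelist_commands`, the qube name `work` and the sample addresses are assumptions made for illustration; the limit of 30 comes from the "around 30 rules" figure in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): vet a whitelist before it reaches qvm-firewall.
MAX_RULES=30   # assumption: the "around 30 rules" per-qube limit quoted in the reply

# valid_ipv4 ENTRY: succeed only for a dotted quad with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac    # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# whitelist_commands QUBE [PORT] < FILE
# Prints one qvm-firewall command per entry and executes nothing.
# Fails without output if any entry is malformed or the list is too long.
whitelist_commands() {
    qube=$1 port=${2:-80} out='' count=0 lineno=0
    case $qube in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad qube name" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks
        [ -n "$line" ] || continue
        valid_ipv4 "$line" || { echo "line $lineno: rejected" >&2; return 1; }
        count=$((count + 1))
        out="${out}qvm-firewall -an $qube $line tcp $port
"
    done
    [ "$count" -le "$MAX_RULES" ] || { echo "$count entries: over limit" >&2; return 1; }
    printf '%s' "$out"
}

# Constructed sample using documentation-range addresses.
whitelist_commands work <<'EOF'
# web servers
192.0.2.10
198.51.100.0/24   # whole range
EOF
```

Once the printed commands look right, the same output can be piped to `sh` in dom0; a list that trips the limit is a sign to use one of the script-based methods from the reply instead.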