What decides which VM is the FirewallVM?


almigh...@gmail.com

Dec 31, 2016, 10:11:54 PM
to qubes-users
Hi,

From my understanding, the FirewallVM is where the firewall rules are put into place from the Qubes VM Manager. The sys-firewall VM acts as the FirewallVM by default but what decides which VM gets that role? Is it automatically the first ProxyVM connected through the NetVM? Does naming a ProxyVM "sys-firewall" make it the FirewallVM? I can't find anything on how the FirewallVM is decided in the documentation at https://www.qubes-os.org/doc/firewall/. It would be handy to know if creating all VMs from scratch instead of using the defaults when Qubes OS is installed.

Thanks

WillyPillow

Dec 31, 2016, 10:51:49 PM
to almigh...@gmail.com, qubes...@googlegroups.com
-------- Original Message --------

On January 1, 2017 11:11, wrote:
> Hi, From my understanding, the FirewallVM is where the firewall rules are put into place from the Qubes VM Manager. The sys-firewall VM acts as the FirewallVM by default but what decides which VM gets that role? Is it automatically the first ProxyVM connected through the NetVM? Does naming a ProxyVM "sys-firewall" make it the FirewallVM? I can't find anything on how the FirewallVM is decided in the documentation at https://www.qubes-os.org/doc/firewall/. It would be handy to know if creating all VMs from scratch instead of using the defaults when Qubes OS is installed. Thanks

When you create a VM, you have the option of making it a ProxyVM. After that, you can connect other VMs (even ProxyVMs) to that ProxyVM, making the ProxyVM the FirewallVM of the VM. IIRC, the option in Qubes Manager that decides what ProxyVM a VM connects to is simply called "NetVM".
In short, there's not really a "one and only FirewallVM" in the system, but FirewallVMs that are assigned to each AppVM.

--WillyPillow

almigh...@gmail.com

Dec 31, 2016, 11:44:07 PM
to qubes-users, almigh...@gmail.com, w...@nerde.pw
On Sunday, January 1, 2017 at 2:21:49 PM UTC+10:30, WillyPillow wrote:
> In short, there's not really a "one and only FirewallVM" in the system, but FirewallVMs that are assigned to each AppVM.

I see now, thanks. Each ProxyVM acts as the FirewallVM for whichever VMs use it as a NetVM.
