Tips for configuring Qubes firewall?

fiftyfour...@gmail.com

Feb 7, 2020, 10:40:52 AM
to qubes-users
I'm new to Qubes and I've nearly finished setting up my machine for its first network connection (purged all Fedora, enabled AppArmor, disabled passwordless root, etc.)

Firewalls are an enigma to me but I know they're super important, so I just wanted to ask: Is there anything you think I should know before connecting? 
  • Is it fine to just stick with the installation default? 
  • Are there any firewall structures (e.g. more than one) that confer improved security? 
  • Any rules you'd say are highly recommended for the security and privacy enthusiast?
All I'm looking to do is surf the internet using tor and/or vpn, and maybe torrenting. High tolerance for annoyance. No plans for other apps yet.

Feel free to add in any other security tips someone like me might find essential

Thanks in advance!

awokd

Feb 9, 2020, 9:04:41 AM
to qubes...@googlegroups.com
fiftyfour...@gmail.com:
> I'm new to Qubes and I've nearly finished setting up my machine for its
> first network connection (purged all Fedora, enabled AppArmor, disabled
> passwordless root, etc.)
>
> Firewalls are an enigma to me but I know they're super important, so I just
> wanted to ask: Is there anything you think I should know before connecting?
>
> - Is it fine to just stick with the installation default?

Probably!

> - Are there any firewall structures (e.g. more than one) that confer
> improved security?

I have a hard time thinking of a scenario where multiple sys-firewalls
would protect from a compromise while a single would not. Doesn't mean
there isn't one.

> - Any rules you'd say are highly recommended for the security and
> privacy enthusiast?
>
> All I'm looking to do is surf the internet using tor and/or vpn, and maybe
> torrenting. High tolerance for annoyance. No plans for other apps yet.

If you have a reliable guard/bridge that is also a directory server you
can set a rule for sys-whonix so it can only communicate to its IP &
port. You can also disable IPv6 on it and Whonix workstations
(qvm-features sys-whonix ipv6 '').

> Feel free to add in any other security tips someone like me might find
> essential
>
> Thanks in advance!
>


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
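
The guard-only rule and IPv6 setting suggested in the reply above, sketched as a dom0 shell helper (an added example, not part of the thread and not Qubes project code). It validates the inputs and prints the `qvm-firewall` / `qvm-features` commands for review instead of running them. Assumptions: the qube's rule list is still the default single `accept`, and the guard address 203.0.113.10:9001 is a constructed placeholder from a documentation range.

```shell
#!/bin/sh
# Added example: print the dom0 commands that pin a qube to one Tor guard/bridge.
# Function names are hypothetical; nothing is executed against Qubes here.

valid_ipv4() {
    # Dotted quad only, every octet in 0-255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Digits only, at most 5 of them, in 1-65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

guard_rules() {  # usage: guard_rules QUBE GUARD_IP GUARD_PORT
    qube=$1; ip=$2; port=$3
    # Refuse names that could smuggle shell syntax into the printed commands.
    case "$qube" in ''|*[!A-Za-z0-9_.-]*)
        echo "bad qube name: $qube" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip"   || { echo "bad IPv4 address: $ip" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }

    # Rule 0: allow TCP to the single guard/bridge IP and port.
    echo "qvm-firewall $qube add --before 0 action=accept dsthost=$ip/32 proto=tcp dstports=$port"
    # Rule 1: drop everything else; it sits ahead of the default trailing accept.
    echo "qvm-firewall $qube add --before 1 action=drop"
    # IPv6 off, as suggested in the reply, so the IPv4-only allow rule is the only path.
    echo "qvm-features $qube ipv6 ''"
    # Show the resulting rule list for a manual check.
    echo "qvm-firewall $qube list"
}

# Example (constructed values): guard_rules sys-whonix 203.0.113.10 9001
```

If the guard or bridge changes address, sys-whonix loses connectivity until the accept rule is updated, so check the output of the final `list` command against the address Tor is actually configured to use.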

fiftyfour...@gmail.com

Feb 9, 2020, 12:57:41 PM
to qubes-users
Thanks for taking the time to reply!