-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Sep 25, 2015 at 03:00:45PM +0000, Patrick Schleizer wrote:
> Hi,
>
> do we have documentation on the things that usually technically happen
> when switching Qubes VM Manger Firewall tab settings?
All that settings are in separate file - firewall.xml in the VM
directory. If the VM is running, those settings are converted to
iptables syntax and loaded into QubesDB of directly connected ProxyVM.
The `qubes-firewall` service in the ProxyVM watch for such changes and
applies the rules.
There is one side effect - enabling access to "updates proxy"
automatically turns on `yum-proxy-setup` service (hmm, this should be
renamed to `updates-proxy-setup`) to have the VM configured to actually
use the proxy.
> Background: I am trying to find out on how bad it would be if these
> settings are enabled for Whonix VMs or if these matter at all.
Since `qubes-firewall` service is disabled in Whonix Gw (it is, right?),
nothing will happen.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJWBWY7AAoJENuP0xzK19csvJgH/1GXN2rArvvwRb8Nw1YFt5Pa
tM7nAJHlwwu8iCl4nFm1nOMJ+wSYClQODge5v09UKwk6BKTWHVKsS3nTwrYiYATr
vnv9t1X7AVO9RFF2S2XHbQbyWtvnPOebDAindd2CTpVgCA5mlliXkBoH8wnWSrN+
xbTJGnRu6xmOhpsgJVaLD+Pad3pFyu4LMhgTpivAUXhl9SLiGxP66D/Bf1RUezcW
Ce505Hcux63bWVhHi++UNstlejjT2g7Gl7+1FFw0ZCceO42i7+GO5C/mhbICGADY
RRGEioIynSJikE3nmTse23/4kFgM+iT34fmLSWy2r8/vug0bwutEYAkrm0CTcwk=
=LDxI
-----END PGP SIGNATURE-----