On 10/06/2017 12:14 PM, filtration wrote:
> Can you create another sys-net chain with the second interface? You
> could keep things isolated without scripting. Assuming you are using
> Qubes 3.2, the interface could be assigned to sys-net-2 via VM
> Settings->Devices.
>
Looks like you and both Mike Keehan had the same/similar idea.
I could add a second firewall vm and use the same sys-net (I don't think
I could use a different sys-net as easily because I want to use the same
pci network device, just attach another IP)
In fact this machine already has two NIC's and two separate
sys-net/sys-firewall setups on it so I can route some vm's out entirely
separate physical interfaces.
But really I was hoping to accomplish this without adding the additional
memory overhead of another sys-firewall instance.