Why so many outgoing IP?


mk2...@googlemail.com

May 12, 2018, 6:09:34 AM
to qubes-users
Hello everyone,
I am a beginner (I started watching Linux only a few months ago, so really a beginner :)
I do not understand why so many IPs come out after a clean installation without a browser ...
Of course there are IPs for NTP, but not only ...
My question: how to stop all IPs coming out?
I try with the hosts file, or iptables, it fades at each restart.
I wish to have total control of the machine (everyone must want the same thing here I think), and after 2 weeks, I have never arrived ...
I even thought about trying to put pfsense on it, but being a beginner and having read what I read, it's way above my possibilities.
Does anyone have solutions to stop all these outgoing IPs and to easily edit iptables and hosts files (in VMs and even in dom0)?
I am on the R3,2

awokd

May 12, 2018, 10:12:35 AM
to mk2...@googlemail.com, qubes-users
You are probably seeing Qubes checking for OS updates, and GNOME itself in
each AppVM can be pretty chatty. Dom0 does not have any network
connection, so nothing you change there will affect the traffic. Try this
for every AppVM you are using:

- go to VM settings, Basic tab, set Networking to (none) if that AppVM
does not need it
- for ones that need networking, go to VM settings, Firewall tab and
create rules there to restrict traffic
- change to the fedora-minimal template for your sys-* VMs

You will still see traffic for OS update checks and NTP, but the rest
should be minimized.

viq

May 12, 2018, 10:18:45 AM
to mk2mix via qubes-users
Do you have sys-whonix running? You could be seeing Tor traffic.
Also, if you want to understand what's going on under the hood, Qubes may
not be the best starting point. If your goal is to understand why things
are happening and how to control them, I think I would suggest spending
a few months with plain fedora, or possibly even something like
archlinux or gentoo or slackware, where if you want something to happen
you have to do it yourself.

mk2...@googlemail.com

May 12, 2018, 11:31:36 AM
to qubes-users
@awokd
thank you for your answer, always fast (I am sometimes connected with caropelin, for memory I had recovered a G505s that I sent back, which did not prevent me from ordering the hardware for coreboot).
I already have all the AppVMs on none (for those without networks).
I will try to pass the filtration by the firewall (instead of iptables).
when you say minimal, it is with the minimum of applications? or something else ?
it is not possible to block by "hosts" or iptables?
I saw that some used scripts, but I did not manage to have a (complex) result.
I already use scripts (simple VisualBasic scripts) under Windows.
There are also a lot of Fedora IPs, but I also wish to control this, this should be the case for everyone I think ...

mk2...@googlemail.com

May 12, 2018, 11:32:02 AM
to qubes-users
@viq
thank you for the intervention.
no, no sys-whonix. I have limited all that I can for isolated causes.
I realize that qubes is not the ideal system for the beginner, it's even the opposite, but I really want to start because I am very concerned about security.

mk2...@googlemail.com

May 12, 2018, 12:04:24 PM
to qubes-users

awokd

May 12, 2018, 12:22:23 PM
to mk2...@googlemail.com, qubes-users
On Sat, May 12, 2018 3:31 pm, mk2mix via qubes-users wrote:
> @awokd
> thank you for your answer, always fast (I am sometimes connected with
> caropelin, for memory I had recovered a G505s that I sent back, which did
> not prevent me from ordering the hardware for coreboot).
> I already have all the AppVMs on none (for those without networks).
> I will try to pass the filtration by the firewall (instead of iptables).
> when you say minimal, it is with the minimum of applications? or something
> else ?

I mean a template like
https://www.qubes-os.org/doc/templates/fedora-minimal/.
I saw in your other post a lot of it looked like NTP queries, like you
said. For troubleshooting, you might want to try manually setting three or
four NTP servers in sys-net instead of automatic selection. I think there
is also a way to temporarily disable checking for updates but can't find
it right now. Should cut down on some noise, but reverse the changes when
done.

> it is not possible to block by "hosts" or iptables?
> I saw that some used scripts, but I did not manage to have a (complex)
> result.

You should be able to customize iptables/nft further in sys-firewall;
check out https://www.qubes-os.org/doc/firewall/. I haven't done much with
that, though.


mk2...@googlemail.com

May 12, 2018, 3:27:03 PM
to qubes-users
After spending a lot of time looking everywhere I was not down on fedora-minimal, thanks, actually it may be a track, I hope so.
Or can we modify all the NTP?
(actions like "systemctl disable ntp" do not seem to be enough)

mk2...@googlemail.com

May 12, 2018, 7:35:53 PM
to qubes-users
sorry for the translations that are not very good.
I meant that I had not seen the possibility of "minimal-fedora", so thank you.
it may be a good track.
I already tried "systemctl ntp disable"
it does not seem to prevent.

awokd

May 13, 2018, 11:54:47 AM
to mk2...@googlemail.com, qubes-users
On Sat, May 12, 2018 11:35 pm, mk2mix via qubes-users wrote:
> sorry for the translations that are not very good.

No problem!

> I meant that I had not seen the possibility of "minimal-fedora", so thank
> you.
> it may be a good track.
> I already tried "systemctl ntp disable"
> it does not seem to prevent.

On a Debian template based sys-net at least, it would be "systemctl
disable systemd-timesyncd". Maybe it would be a good idea to do like that
other poster suggested and work on figuring out where communications are
coming from in just one OS? You mentioned pfsense, but wireshark might be
more useful. You could set it up in Qubes like:

Debian/Fedora HVM -> Proxy VM w/Wireshark (haven't tested) -> sys-firewall

Then you can apply what you learned from that to Qubes.
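
An added example, not part of the thread or written by any poster: once a capture exists from the setup suggested above, this Python script groups outgoing packets by destination and service so NTP, DNS and update traffic can be told apart. It assumes the capture was exported as text in the format `tcpdump -nn` prints; the sample lines, the addresses and the `10.137.` local prefix are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the text format printed by `tcpdump -nn`.
# All addresses are made up; 10.137.x.x stands in for the VM-side address.
SAMPLE = """\
10:00:01.000001 IP 10.137.2.9.123 > 203.0.113.10.123: NTPv4, Client, length 48
10:00:01.020001 IP 203.0.113.10.123 > 10.137.2.9.123: NTPv4, Server, length 48
10:00:02.000001 IP 10.137.2.9.51514 > 10.137.2.1.53: 4242+ A? mirrors.example.org. (37)
10:00:02.500001 IP 10.137.2.9.40112 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
10:00:02.600001 IP 10.137.2.9.40112 > 198.51.100.7.443: Flags [.], ack 1, win 502, length 0
10:00:03.000001 IP 10.137.2.9.123 > 203.0.113.11.123: NTPv4, Client, length 48
10:00:04.000001 ARP, Request who-has 10.137.2.1 tell 10.137.2.9, length 28
"""

# timestamp, "IP", src.port > dst.port: rest
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$"
)
SERVICES = {53: "dns", 80: "http", 123: "ntp", 443: "https"}


def summarize_outgoing(text, local_prefix):
    """Count packets sent from local_prefix addresses per (dst ip, dst port, service)."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6, ICMP and other port-less lines are skipped
        src, _sport, dst, dport, _rest = m.groups()
        if not src.startswith(local_prefix):
            continue  # inbound reply, not an outgoing packet
        port = int(dport)
        flows[(dst, port, SERVICES.get(port, "other"))] += 1
    return flows


def by_service(flows):
    """Collapse per-destination counts into {service: set of destination IPs}."""
    out = {}
    for (dst, _port, svc), _count in flows.items():
        out.setdefault(svc, set()).add(dst)
    return out


if __name__ == "__main__":
    for (dst, port, svc), n in summarize_outgoing(SAMPLE, "10.137.").most_common():
        print(f"{dst}:{port:<5} {svc:<6} {n} packet(s)")
```

Destinations that land under `other` are the ones worth tracing back to a specific service in the VM before writing firewall rules for them.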

