Qubes 3.2 - Firewalling Tor connections?

Michael Strasser

Sep 2, 2017, 8:05:08 AM
to qubes-users
Hi!

I've been wondering if it is possible to allow connections only to
certain domains via Tor from an app vm (e.g. Firewall blocks everything
except google.com and access to google.com is via Tor).

From my understanding the "Firewall rules" for the App VMs are handled
by sys-firewall? Now the standard configuration is to route sys-whonix
through sys-firewall, so any attempts at setting firewall rules are
useless, because the IP address that sys-firewall sees is a Tor entry node.

Is there a way to create a second firewall net-vm that I could set up in
front of sys-whonix, or is my understanding of networking in Qubes wrong?


Best regards,

Michael

Unman

Sep 2, 2017, 9:14:18 AM
to Michael Strasser, qubes-users
Your understanding is correct, and that will work fine.
Just create a new proxy, set sys-whonix as its netvm, and change the
netvm in your appVMs to the new proxy.

Unfortunately you can't specify google.com as a target, because it is
resolved at the time the rule is set up. You could work around this by
resolving www.google.com and using all the relevant IP addresses in the
firewall rules.
Or you could have one or two entries in /etc/hosts and allow only those
IP addresses.

unman
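
The workaround described in the reply above (resolve the names once, pin those addresses in the firewall rules, optionally pin the names in /etc/hosts), as an added example that is not part of the thread. It outputs a plain address list and hosts lines, not Qubes firewall syntax; `build_pins`, `drift`, `sample_resolver` and `SAMPLE_DNS` are hypothetical names, and the sample addresses are constructed from documentation ranges.

```python
import socket

# Constructed sample answers (documentation address ranges) so this runs offline.
SAMPLE_DNS = {
    "google.com": ["192.0.2.10", "192.0.2.11"],
    "www.google.com": ["192.0.2.11", "198.51.100.7"],
}

def sample_resolver(name):
    return list(SAMPLE_DNS[name])

def resolve_ipv4(name):
    """Live lookup: every IPv4 address the name resolves to right now."""
    infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=socket.inet_aton)

def build_pins(names, resolver=resolve_ipv4, per_name=None):
    """Resolve each name once and pin the result.

    Returns (allow, hosts): addresses to allow in the firewall rules and
    matching /etc/hosts lines. per_name=N keeps only the first N addresses
    per name, for the "one or two entries in /etc/hosts" variant.
    """
    allow, hosts = [], []
    for name in names:
        addrs = resolver(name)[:per_name]
        for addr in addrs:
            if addr not in allow:
                allow.append(addr)
        if addrs:
            # Only one hosts entry per name is used, so pin the first address.
            hosts.append(f"{addrs[0]}\t{name}")
    return allow, hosts

def drift(pinned, names, resolver=resolve_ipv4):
    """Compare pinned addresses with a fresh lookup, since the rules never
    re-resolve. Returns (not_yet_allowed, no_longer_returned)."""
    current = {addr for name in names for addr in resolver(name)}
    pinned = set(pinned)
    return sorted(current - pinned), sorted(pinned - current)

if __name__ == "__main__":
    names = ["google.com", "www.google.com"]
    allow, hosts = build_pins(names, sample_resolver, per_name=1)
    print("allow:", allow)
    print("\n".join(hosts))
    print("drift:", drift(allow, names, sample_resolver))
```

With `per_name=1` the allowed addresses and the hosts entries match, so the appVM only ever connects to an address the rules permit; without the hosts entries, any address reported as not yet allowed by `drift` is one the appVM may be handed and then blocked on.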