Qube-Firewall: How to handle changing IPs?

Skip to first unread message


Jul 29, 2022, 5:08:08 AMJul 29
to qubes-users
Hi there,

many large providers use CDNs or similar structures, which results in
the same FQDN being resolved to different IPs.
Afaik the Qube-Firewall-Settings resolve a DNS entry only once (on
add/edit) and internaly use that IP. This is a problem with my
mail-provider (web.de) as well es for Updates of Thunderbird Add-Ons.
Besides workarounds like manually refreshing the firewall settings or
temporary allowing full web access: is there a fix for these issues?

David Hobach

Jul 29, 2022, 11:43:28 AMJul 29
to qubes-users
See [1]. It happens less often than one might think though.

[1] https://github.com/QubesOS/qubes-issues/issues/5225


Aug 11, 2022, 12:13:04 PMAug 11
to qubes-users
Is there really no approach to fix this? What about a cron job which
checks for a change DNS resolve every now and then and updates the
ip-filter, for example?

Am 29.07.22 um 11:08 schrieb r.wie...@web.de:


Aug 11, 2022, 12:31:41 PMAug 11
to David Hobach, qubes-users
Sorry, I just noticed that I missed your answer because you did not
answer me directly, but only to the list. The issue you reference to is
quite long to read and parts of it are several years old, is there
something ready for testing?

You say "less often", for my imap-server imap.web.de this semms to appen
about every second weeks I think.

Am 29.07.22 um 17:43 schrieb David Hobach:

David Hobach

Aug 11, 2022, 4:29:07 PMAug 11
to r.wie...@web.de, qubes-users
I mentioned DNS pinning in the very end and posted a working solution there as well.
I personally use it since about back then.
Reply all
Reply to author
0 new messages