A departure from the R3.x behavior that I think may compromise network
security is that in R4.0 proxyVMs /proc/sys/net/ipv4/ip_forward is '1'
while qubes-firewall is starting and executing firewall scripts.
Unless there is some detail that makes ip_forward moot, I think there
should be a patch (ex: /etc/sysctl.conf) to have the initial VM
forwarding state at '0' until qubes-firewall finishes initializing.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/2e157a97-b6a0-d091-ab11-9b77633a1a45%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
