On Sun, 2 Jun 2024 20:34:33 +0200 Marek Marczykowski-Górecki wrote: > sys-net is [...] the sandbox that may become compromised due to > direct network access.
Exactly why I ask: what value has a firewall in sys-net at all? If we assume it can be compromised at any time, how are we protecting anything through antispoofing its uplink interfaces? > It's the role of sys-firewall (among other things) to protect > other qubes from outside network, including potentially compromised > sys-net. That's why anti-spoofing rules are important on eth0 too. But you also say: On Thu, 23 May 2024 15:53:39 +0200 Marek Marczykowski-Górecki wrote: > Well, this is too broad, as for example sys-net is allowed to use its > own IP to send packets down the network (like to sys-firewall or other > qubes). Do you mean (conntrack) established,related? > It would also break any communication to your LAN (like, using > network printer in your LAN)... Without a clear definition of what traffic is allowed (whitelist), I don't see how this can be solved. Simply allowing e.g. 10.137.x.x is also broad. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20240603080822.0009d16a%40localhost.
