Hi folks, I'm trying to get my ProxyVM to work properly the way I want it to, but the firewall is not cooperating and I feel there is either something I am doing wrong, OR something in Qubes initial configuration causing an issue, but I can't find what is wrong.
Any good help would be greatly appreciated. Thanks in advance!

The result I'm looking for is to block everything outgoing from vif+ to any ip range OTHER than what I specify. The hashed out are ones that I tried, but they failed. In the end I brought it back to the first one, the base simplicity, but even that still doesn't work (and I didn't think it would really, but I tried it anyway).

iptables -i $eth -s 1.2.3.0/24 -j ACCEPT
iptables -o $eth -d 1.2.3.0/24 -j ACCEPT
iptables -o $eth -j DROP
iptables -i $eth -j DROP
#iptables -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.0/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
#iptables -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.024 -p udp -m udp -j ACCEPT
#iptables -I PREROUTING 3 -i vif+ -m state --state NEW -p tcp -m tcp -j DROP
#iptables -I PREROUTING 3 -i vif+ -p udp -m udp -j DROP
#
#iptables -I FORWARD 1 -i vif+ -o $eth -d 1.2.3.0/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
#iptables -I FORWARD 1 -i vif+ -o $eth -d 1.2.3.0/24 -p udp -m udp -j ACCEPT
#iptables -I FORWARD 3 -i vif+ -j DROP
#
#iptables -I INPUT 1 -i vif+ -d 1.2.3.0/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
#iptables -I INPUT 1 -i vif+ -d 1.2.3.0/24 -p udp -m udp -j ACCEPT
#iptables -I INPUT 3 -i vif+ -j DROP
#
#iptables -I OUTPUT 1 -o $eth -d 1.2.3.0/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
#iptables -I OUTPUT 1 -o $eth -d 1.2.3.0/24 -p udp -m udp -j ACCEPT
#iptables -I OUTPUT 3 -o $eth -j DROP
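An added example, not part of the original post and not Qubes' own code: one way to express the stated goal (traffic entering on vif+ may leave only toward listed ranges) as a dedicated chain hooked at the top of the filter table's FORWARD chain. The chain name `VIF-ALLOWLIST`, the uplink name `eth0` and both function names are assumptions; the script prints the commands for review instead of applying them, and keeping the rules in place across Qubes firewall reloads is not covered.

```shell
#!/bin/sh
# Added example. Packets routed through the ProxyVM (in on vif+, out on the
# uplink) traverse the filter table's FORWARD chain; INPUT and OUTPUT only see
# the ProxyVM's own traffic. Every iptables rule must name its chain (-A / -I).
CHAIN=VIF-ALLOWLIST   # hypothetical chain name

# Succeeds only for a well-formed IPv4 CIDR such as 1.2.3.0/24.
# A value like 1.2.3.024 (missing slash) is rejected.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: emit_vif_allowlist UPLINK CIDR [CIDR...]
# Validates every range first, so a typo yields no partial rule set.
emit_vif_allowlist() {
    uplink=$1; shift
    [ $# -gt 0 ] || { echo "no allowed ranges given" >&2; return 1; }
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for cidr in "$@"; do
        echo "iptables -A $CHAIN -d $cidr -j ACCEPT"
    done
    # Anything from a downstream VM to an unlisted destination stops here.
    echo "iptables -A $CHAIN -j DROP"
    # Position 1, so the jump is evaluated before any existing ACCEPT rule.
    # Return traffic (in on the uplink, out on vif+) does not match this jump
    # and is left to the FORWARD rules already present.
    echo "iptables -I FORWARD 1 -i vif+ -o $uplink -j $CHAIN"
}

# Constructed sample input: print the rule set for one allowed range.
emit_vif_allowlist eth0 1.2.3.0/24
```

After applying the printed commands as root, `iptables -L FORWARD -v -n --line-numbers` shows whether the jump sits at position 1 and whether its packet counters increase.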
