On 05/31/2016 09:27 PM, Drew White wrote:
Hi folks,

I'm trying to get my ProxyVM to work properly the way I want it to,
but the firewall is not cooperating and I feel there is either
something I am doing wrong, OR something in Qubes initial
configuration causing an issue, but I can't find what is wrong.
Any good help would be greatly appreciated.
Thanks in advance!

The result I'm looking for is to block everything outgoing from vif+
to any ip range OTHER than what I specify.

The hashed out are ones that I tried, but they failed.
In the end I brought it back to the first one, the base simplicity,
but even that still doesn't work (and I didn't think it would really,
but I tried it anyway).

Syntax errors...

iptables -i $eth -s 1.2.3.0/24 -j ACCEPT
iptables -o $eth -d 1.2.3.0/24 -j ACCEPT
iptables -o $eth -j DROP
iptables -i $eth -j DROP

^ This block is missing a command and chain name, such as '-A INPUT'.

#iptables -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.0/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
#iptables -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.024 -p udp -m udp -j ACCEPT
#iptables -I PREROUTING 3 -i vif+ -m state --state NEW -p tcp -m tcp -j DROP
#iptables -I PREROUTING 3 -i vif+ -p udp -m udp -j DROP

^ This block is trying to use the default table, which doesn't have a
PREROUTING chain. Try specifying '-t nat'.

Chris
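
Added example, not part of the original message and not Qubes code: a small pre-flight check that flags the two problems named in the reply (no command/chain, and a built-in chain that the selected table does not have) before the rules are run. It goes one step beyond the reply by also flagging -o in PREROUTING or INPUT, which iptables rejects; the function names, the sample input and the FORWARD variant (the usual filter-table chain for traffic routed through a host) are assumptions for illustration.

```shell
# Added example. Built-in chains of each table (standard netfilter layout).
chains_for() {
    case $1 in
        filter|security) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;
    esac
}

# lint_rule "<command line>" prints a verdict; exit status:
# 0 ok, 1 no command/chain, 2 chain not in table, 3 -o used in PREROUTING/INPUT.
# The body is a subshell, so 'set -f' and 'exit' stay local to the call.
lint_rule() (
    set -f; set -- $1                 # word-split the rule without globbing
    table=filter chain="" out=""
    while [ $# -gt 0 ]; do
        case $1 in
            -t|--table)         table=${2:-} ;;
            -A|-I|-D|-R|-C)     chain=${2:-} ;;
            -o|--out-interface) out=${2:-} ;;
        esac
        shift
    done
    [ -n "$chain" ] || { echo "no command/chain"; exit 1; }
    case " PREROUTING INPUT FORWARD OUTPUT POSTROUTING " in
        *" $chain "*)                 # only built-in chains are checked
            case " $(chains_for "$table") " in
                *" $chain "*) ;;
                *) echo "no $chain in table $table"; exit 2 ;;
            esac ;;
    esac
    case $chain in
        PREROUTING|INPUT)
            [ -z "$out" ] || { echo "-o invalid in $chain"; exit 3; } ;;
    esac
    echo ok
)

# Constructed input modelled on the rules in the post, plus a FORWARD variant
# (assumption: forwarded vif+ traffic is filtered in the filter table's FORWARD chain).
while IFS= read -r rule; do
    verdict=$(lint_rule "$rule") || true
    printf '[%s] %s\n' "$verdict" "$rule"
done <<'EOF'
iptables -o $eth -j DROP
iptables -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.0/24 -p udp -m udp -j ACCEPT
iptables -t nat -I PREROUTING 1 -i vif+ -o $eth -d 1.2.3.0/24 -p udp -m udp -j ACCEPT
iptables -I FORWARD 1 -i vif+ -o $eth -d 1.2.3.0/24 -j ACCEPT
EOF
```

The check only parses the command line; it does not load or test any rule, so a line it reports as ok can still be refused by iptables for other reasons.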