> On 07/14/2016 10:39 AM, [email protected] wrote:
>> Good day
>> I'm using a VPN in sys-net and would like to set up firewall rules to stop
>> the internet connection if the VPN crashes. In sys-net it isn't possible to
>> insert IP addresses, so I did it in sys-firewall. With some tests I saw that
>> if the VPN disconnects suddenly, sys-net finds my wifi network and doesn't
>> break the connection, as I would like. How can I solve this? (in the
>> proxyVMs everything works well)
>>
>> Thank you
>>
>
> Take a look at https://www.qubes-os.org/doc/vpn/
>
> For leak protection and security it is best to set up a vpn client in a
> proxy vm, between sys-net and the appvms. You can follow the
> instructions from the doc "Using iptables and openvpn", or use the
> firewall script as an example. The two critical commands that prevent
> leaks (in the proxy vm configuration) are:
>
>     iptables -I FORWARD -o eth0 -j DROP
>     iptables -I FORWARD -i eth0 -j DROP
>
> This means that no forwarding can take place involving the
> upstream/clearnet interface eth0, so the only way out is through the vpn
> tunnel.
>
> Chris
>

Hi Chris

Thank you for the explanation. I want to know if I can use the firewall tab in
sys-net (or sys-firewall) like I have done in the proxyVM, because I also have
a VPN in sys-net. If it isn't possible, do I change iptables in sys-net while
in all the other proxyVMs I use the firewall tab?

Regards
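
Added example, not part of the original thread: a check that the two FORWARD DROP rules quoted above are present and sit ahead of any ACCEPT rule that could still forward through the upstream interface. The function name check_forward_leak, the interface names tun0 and vif+, and both sample rule sets are constructed for illustration; in a real proxy VM the input would be the output of `iptables -S FORWARD`.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S FORWARD` output on
# stdin and checks that unconditional DROP rules for the upstream interface
# ($1, default eth0) come before any ACCEPT rule that could forward through it.
# Assumption: interface wildcards (eth+) and negation (!) are not interpreted.
check_forward_leak() {
    awk -v up="${1:-eth0}" '
    # Value following option "opt" in the current rule, or "" if absent.
    function optval(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "FORWARD" {
        target = optval("-j"); in_if = optval("-i"); out_if = optval("-o")
        # Exactly "-A FORWARD -o|-i IFACE -j DROP": no other match narrows it.
        if (target == "DROP" && NF == 6) {
            if (out_if == up) out_blocked = 1
            if (in_if == up) in_blocked = 1
        }
        # An ACCEPT not pinned to another interface can carry upstream traffic.
        if (target == "ACCEPT") {
            if (!out_blocked && (out_if == "" || out_if == up)) {
                print "LEAK: line " NR " can forward out via " up ": " $0; bad = 1
            }
            if (!in_blocked && (in_if == "" || in_if == up)) {
                print "LEAK: line " NR " can forward in via " up ": " $0; bad = 1
            }
        }
    }
    END {
        if (!out_blocked) { print "MISSING: -A FORWARD -o " up " -j DROP"; bad = 1 }
        if (!in_blocked)  { print "MISSING: -A FORWARD -i " up " -j DROP"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample rule sets; tun0 and vif+ are assumed interface names.
GOOD_RULES='-P FORWARD DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -i vif+ -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o vif+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
LEAKY_RULES='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -o eth0 -j DROP'

printf '%s\n' "$LEAKY_RULES" | check_forward_leak eth0 || echo "sample is not leak-proof"
```

The leaky sample fails because rules appended with -A after an existing ACCEPT never see the traffic, which is why the quoted commands use -I to insert at the top of the chain.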
