Any help to configure sys-firewall would be also really appreciated. I got this annoying pop-up when I click on "Firewall rules" tab under the sys-firewall proxyVM settings :
"The 'sys-firewall' AppVM is not network connected to a FirewallVM! You may edit the 'sys-firewall' VM firewall rules, but these will not take any effect until you connect it to a working Firewall VM." Only subject related to this problem I found is this message from Unman on Qubes-users group : "When you configure the firewall rules for a vm those rules are applied ON THE FIREWALL to which the vm is attached. So the error message you get is entirely accurate - your firewall is not attached to a firewall and so the rules cannot be applied. Of course you COULD configure a firewall between the fw and the netvm but the same consideration would apply to THAT fw. There's no reason why you cant configure the fw iptables by hand if you want to: you can use /rw/config/qubes-firewall-user-script to have these rules applied automatically." Ok so here's what I understand from this message : this proxyVM Firewall is probably working but rules don't apply because it is attached to a NetVM, which don't have any firewall policies by default. https://www.qubes-os.org/doc/qubes-firewall/ Official documentation says : "Every VM in Qubes is connected to the network via a FirewallVM, which is used to enforce network-level policies. By default there is one default Firewall VM, but the user is free to create more, if needed." And then you got explanations on how to edit rules in a specific VM for a given domain. So I understand you have to edit rules on a AppVM to open up ports there, but I mean not everyone running Qubes OS is highly graduated in IT and network routing. I find quite disappointing that the official documentation don't mention more clearly how to set up the default sys-firewall proxyVM, like if you are supposed to check either "Deny network access except" or "Allow network access except" button or if that doesn't matter, if those policies won't apply anyway because of this pop-up... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7616133c-134c-41e4-99ac-1dc1b5508260%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
