-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-08-26 08:49, [email protected] wrote: > Hello, > > I have troubles to set up a basic firewall under an AppVM running trough a > proxyVM running OpenVPN inside. > > When I click on the "Deny network access except" then add a global > exception (like * http tcp), I can connect to the web, but this method > doesn't work with my AppVM connected to the proxyVM-VPN :( > > If someone knows how to set up a basic firewall to browse the web behind a > VPN proxyVM and share how to do it, even if Qubes is already secured > considering you can easily delete domains if they get compromised, that > would be great ! > > Regards >
If you want to be able to apply firewall rules with that setup, you'll have to make another FirewallVM to sit in between the AppVM and the VPNVM, like this: my-appvm --> sys-vpn-firewall --> sys-vpn --> sys-firewall -->sys-net - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXwQUuAAoJENtN07w5UDAw5YsP/0gmpXuALpMZDSbj3P4uRuZE jbMtmsGAA88r8oK0rIjaECJ+GGQZAyK0MiI4IVmF3ubyUv9/ONozHVDXVmcGrREn opmu3rfCGi+Qd9ny80oW1yLrxZ/EYxiIHIZwdCJ8OgC+gXaai7O0CtIW4+fj1fTE UDTjscAImPLDaRnlrXk4PombyAx5XMqTchO4DtlE9gauhEGkYIXn/wd6+kQYGfgo yjgsDNoTBk6QONCb0APgBRGS4kmdcMHszwMFhbywzlREf38zSkmEnxxDIYejg113 eRrlYjq+TN9i74ysFby6AadSrXG8bKLnwMnqMfXNLFnQYyVkQTtZb2hJDHpn87xf AFUYbEx/h2Tmc4wVRTDm9F14mdp7yLgLI05M03nOios2GS3TGpBSDnNyeuEcfUeR 8OSbPJduyptHCkJHWMvpMk7ktaK5C0dCPcMFI07xgtVAG/T0OCcR5tyCwtGU1ccD RYv5ugaIbbTNbLgZt5vtXLxeF4e/iTVvmIibNtj7W6T8a7459BCDXNTW28jlSfye Q+TjBKcgerVidpuRtGlvz7ZbMDuknBV8osy7Ri6if8NlTVCdU5mToBc/8hhLG5jG HC8sYbHFYDbHFBDj353e2AgYlVCXiRah/YwT6tOdKRgjp2rzgnY7L/ttTguCJu+D tdqT2D8HXKw9tA1WUGU9 =Q3g8 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/192e3f69-5fcb-7bd4-111c-93a65fdc0adf%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
