On Sunday, 18 September 2016 10:14:15 UTC+10, nishi...@gmail.com  wrote:
> Hello,
> Following Qubes documentation on firewall 
> https://www.qubes-os.org/doc/qubes-firewall/, I tried to put some basics 
> iptables rules into /rw/config/rc.local in an AppVM but they don't persist 
> after reboots :
> iptables -F

Don't use -F, flushing removes the Qubes inherant IPTables.
Don't -P either.

iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 3  -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 4  -p tcp --dport 443 -j ACCEPT 

> When I type "sudo iptables -L", they don't appear after rebooting the VM, I 
> have the same rules as before, it looks like the script isn't launched :( 
> This is weird because the file is executable ! ("sudo chmod +x rc.local"). 
> Also I tried to add sudo before every line but it didn't change the outcome.

have you made sure it's executable? (ls -al)

If not, use the full command, not an abbreviated, because sometimes the 
abbreviated only affects user and group, not everyone.
"chmod 766 rc.local" ?

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to