On Sunday, 18 September 2016 10:14:15 UTC+10, nishi...@gmail.com  wrote:
> Hello,
> 
> Following Qubes documentation on firewall 
> https://www.qubes-os.org/doc/qubes-firewall/, I tried to put some basic 
> iptables rules into /rw/config/rc.local in an AppVM but they don't persist 
> after reboots:
> 
> iptables -F

Don't use -F, flushing removes the Qubes inherent IPTables.
Don't -P either.

#!/bin/sh
# Insert at fixed positions in INPUT; no -F or -P
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT


> When I type "sudo iptables -L", they don't appear after rebooting the VM, I 
> have the same rules as before, it looks like the script isn't launched :( 
> This is weird because the file is executable! ("sudo chmod +x rc.local"). 
> Also I tried to add sudo before every line but it didn't change the outcome.
> 

Have you made sure it's executable? (ls -al)

If not, use the full command, not an abbreviated one, because sometimes the 
abbreviated one only affects user and group, not everyone.
"chmod 766 rc.local" ?

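An added example, not part of the original messages: the same four rules from the reply, inserted without -F or -P and only when `iptables -C` reports they are missing, so running the script more than once does not stack duplicates. The `IPT` override and the `--apply` argument are assumptions of this example, not Qubes conventions.

```shell
#!/bin/sh
# Added example: idempotent rule insertion for /rw/config/rc.local.
# IPT can be overridden for dry runs (assumption of this example);
# it defaults to the real iptables binary.
IPT=${IPT:-iptables}

# ensure_rule POS RULE...
# Insert RULE into INPUT at position POS unless an identical rule exists.
# `iptables -C` exits 0 when the rule is already present.
ensure_rule() {
    pos=$1; shift
    if $IPT -C INPUT "$@" 2>/dev/null; then
        return 0    # already present: leave the chain untouched
    fi
    $IPT -I INPUT "$pos" "$@"
}

# The rules from the reply above, in the same order. No flush (-F) and
# no policy change (-P), so the rules Qubes installed stay in place.
apply_rules() {
    ensure_rule 1 -i lo -j ACCEPT
    ensure_rule 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
    ensure_rule 3 -p tcp --dport 80 -j ACCEPT
    ensure_rule 4 -p tcp --dport 443 -j ACCEPT
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Run it as root with `--apply`; `iptables -L INPUT -n --line-numbers` then shows whether the rules landed where expected.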