On Sunday, 18 September 2016 10:14:15 UTC+10, nishi...@gmail.com wrote:
> Hello,
>
> Following Qubes documentation on firewall
> https://www.qubes-os.org/doc/qubes-firewall/, I tried to put some basic
> iptables rules into /rw/config/rc.local in an AppVM but they don't persist
> after reboots:
>
> iptables -F

Don't use -F, flushing removes the Qubes inherent IPTables. Don't -P either.

#!/bin/sh
# Insert at fixed positions instead of flushing, so the existing rules stay in place
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT

> When I type "sudo iptables -L", they don't appear after rebooting the VM, I
> have the same rules as before, it looks like the script isn't launched :(
> This is weird because the file is executable ! ("sudo chmod +x rc.local").
> Also I tried to add sudo before every line but it didn't change the outcome.

Have you made sure it's executable? (ls -al) If not, use the full command, not an abbreviated one, because sometimes the abbreviated one only affects user and group, not everyone.

"chmod 766 rc.local" ?
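
A quick check for the points raised in this thread (execute bit, interpreter line, and the -F / -P commands the reply advises against), as an added example that is not part of the original messages. The helper name check_rc_local and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an rc.local-style script.
# check_rc_local is a hypothetical helper name.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_rc_local() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "MISSING: $f"; return 1; }

    # Execute bit, read from the mode string that `ls -l` shows.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        *[xst]*) ;;
        *) echo "NOT-EXECUTABLE: mode $mode"; rc=1 ;;
    esac

    # Line 1 must be an interpreter line such as #!/bin/sh.
    first=$(head -n 1 "$f")
    case $first in
        '#!'/*) ;;
        *) echo "BAD-SHEBANG: line 1 is: $first"; rc=1 ;;
    esac

    # Flush (-F) and default-policy (-P) commands, comments ignored.
    awk '
        { line = $0; sub(/#.*/, "", line) }
        line ~ /(^|[ \t])ip6?tables([ \t]|$)/ &&
        line ~ /[ \t](-F|--flush|-P|--policy)([ \t]|$)/ {
            printf "FLUSH-OR-POLICY: line %d: %s\n", NR, $0
            bad = 1
        }
        END { exit bad }
    ' "$f" || rc=1
    return $rc
}

# Demo on a constructed sample (not a real system file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.local" <<'EOF'
#/bin/sh
iptables -F
iptables -P INPUT DROP
iptables -I INPUT 1 -i lo -j ACCEPT
EOF
check_rc_local "$demo_dir/rc.local" || true
rm -rf "$demo_dir"
```

Inside the AppVM it would be pointed at the real file, for example `check_rc_local /rw/config/rc.local`.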