On Mon, Jan 09, 2017 at 07:09:41PM +0000, 5xe89r+1y7rhqhfisytc via qubes-users wrote:
> Got it now! :D
>
> I set this up by myself because I want to force all the traffic to go through
> the vpn (that is installed on the sys-fw). I've created a custom iptables
> rule white-listing all traffic originated from the templateVMs on dport 8082
> and now it works as expected!
> Many thanks for the valuable help Unman!
>
> Btw, strangely when the vpn is first set via the networkmanager that INPUT
> rule that white-lists everything to the dport 8082 is created. However when
> after that another AppVM is started the rule is trashed.
> Any idea why this is happening?
>
> Many thanks!
>

You've hit the effect of the qubes-firewall service. This updates iptables following the addition of a downstream qube.
To work around this you need to put your custom rules into /rw/config/qubes-firewall-user-script, and make it executable.
This is in the docs at www.qubes-os.org/doc/firewall

If you have a consistent setup then you could save the rules as you want them, load them from rc.local and /rw/config/qubes-firewall-user-script and disable the qubes-firewall service.
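
An added example, not part of the original message or the Qubes documentation: a sketch of a /rw/config/qubes-firewall-user-script that restores the port 8082 INPUT rule from the thread each time it runs, without stacking duplicates. The `vif+` interface match, the TCP protocol, the function names and the `IPT` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the Qubes project).
# Install as /rw/config/qubes-firewall-user-script and make it executable:
#   chmod +x /rw/config/qubes-firewall-user-script

IPT="${IPT:-iptables}"   # overridable so the logic can be exercised without root
PROXY_PORT=8082          # port named in the thread
DOWNSTREAM_IF="vif+"     # assumption: downstream qubes attach on vif* interfaces

# Insert a rule at the top of a chain unless an identical rule already exists.
# The script may run many times, so a blind -I would pile up copies of the rule.
ensure_rule() {
    chain="$1"; shift
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 0                      # already present, nothing to do
    fi
    "$IPT" -I "$chain" 1 "$@"         # absent (or wiped), put it back first
}

# The custom rules that must survive a firewall update.
apply_custom_rules() {
    # Assumption: the proxy on 8082 is TCP and is reached from downstream qubes.
    ensure_rule INPUT -i "$DOWNSTREAM_IF" -p tcp --dport "$PROXY_PORT" -j ACCEPT
}

# Apply only when run under the installed name, so the file can also be
# sourced to check its logic without touching the live ruleset.
case "${0##*/}" in
    qubes-firewall-user-script) apply_custom_rules ;;
esac
```

After starting another AppVM, `iptables -S INPUT` in the firewall VM should still list exactly one ACCEPT rule for dport 8082.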
