-------- Original Message -------- Subject: [qubes-users] Re: Question to Mirage OS firewall users Local Time: January 19, 2017 12:06 AM UTC Time: January 19, 2017 12:06 AM From: r...@reginaldtiangha.com To: qubes-users@googlegroups.com
On 2017-01-18 7:30 AM, Антон Чехов wrote: > Hi! > > Is anyone using the mirage firewall in connection with a proxyVM? How do you > configure it properly? Does it handle qubes-firewall-users-scripts? > I've run a Mirage-based firewall both in front of and behind a firewallVM and they chain together fine. Mirage Firewall in its current iteration does *not* respect modifications to firewall rules via Qubes and has to be inputted manually (there are some instructions on how to do that on the software author's blog). It isn't to say that Mirage Firewall couldn't do it one day, but I believe the author of the code is leaving it up as an exercise for the reader. Maybe he'll get around to implementing it, or maybe not, but from a purely technical standpoint, there's no reason why it couldn't be modified to work with Qubes firewall user scripts, it's just that it hasn't been implemented yet. Note that even if you're running the latest code off of GitHub, currently, Mirage Firewall still doesn't work correctly with DispVMs (or at least, I haven't been able to get it to work; the DispVM connects to it, but there's no traffic), even though there were some minimal fixes applied to try to handle how it handles IP addresses from a different pool. Works fine with AppVMs, though, as well as TemplateVMs, at least in my experience. A workaround for dispVMs is creating the savefile without a firewallVM (i.e. set as "none"), then for each fresh dispVM, manually assign it to sys-mirage after it has been started. --WillyPillow -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ot6Ty_X0rMsx8y3qav_PGnwBpU9Tm32TkWWKoTZnhB4IkTKgp1Yg1OgTG5_hXwyp6VVpX1VENyICnabB0jgTByaWlB56n2Yl5JY_7R9tPo4%3D%40nerde.pw. For more options, visit https://groups.google.com/d/optout.
