On Thursday, January 19, 2017 at 1:07:17 AM UTC+1, Reg Tiangha wrote: > On 2017-01-18 7:30 AM, Антон Чехов wrote: > > Hi! > > > > Is anyone using the mirage firewall in connection with a proxyVM? How do > > you configure it properly? Does it handle qubes-firewall-users-scripts? > > > > I've run a Mirage-based firewall both in front of and behind a > firewallVM and they chain together fine. Mirage Firewall in its current > iteration does *not* respect modifications to firewall rules via Qubes > and has to be inputted manually (there are some instructions on how to > do that on the software author's blog). It isn't to say that Mirage > Firewall couldn't do it one day, but I believe the author of the code is > leaving it up as an exercise for the reader. Maybe he'll get around to > implementing it, or maybe not, but from a purely technical standpoint, > there's no reason why it couldn't be modified to work with Qubes > firewall user scripts, it's just that it hasn't been implemented yet. > > Note that even if you're running the latest code off of GitHub, > currently, Mirage Firewall still doesn't work correctly with DispVMs (or > at least, I haven't been able to get it to work; the DispVM connects to > it, but there's no traffic), even though there were some minimal fixes > applied to try to handle how it handles IP addresses from a different > pool. Works fine with AppVMs, though, as well as TemplateVMs, at least > in my experience.
@Reg & Willy Thank you for sharing your experiences and the advice. I will try to wrap my head around this topic. I have been trying the firewall with an AppVM already and it looked like it was working fine but I have to dig deeper into the process (for my understanding). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/00f397a6-f227-4051-8c93-02a566c91887%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
