On Thursday, January 19, 2017 at 1:07:17 AM UTC+1, Reg Tiangha wrote:
> On 2017-01-18 7:30 AM, Антон Чехов wrote:
> > Hi!
> > 
> > Is anyone using the mirage firewall in connection with a proxyVM? How do 
> > you configure it properly? Does it handle qubes-firewall-users-scripts?
> > 
> I've run a Mirage-based firewall both in front of and behind a
> firewallVM and they chain together fine. Mirage Firewall in its current
> iteration does *not* respect modifications to firewall rules via Qubes
> and has to be inputted manually (there are some instructions on how to
> do that on the software author's blog). It isn't to say that Mirage
> Firewall couldn't do it one day, but I believe the author of the code is
> leaving it up as an exercise for the reader. Maybe he'll get around to
> implementing it, or maybe not, but from a purely technical standpoint,
> there's no reason why it couldn't be modified to work with Qubes
> firewall user scripts, it's just that it hasn't been implemented yet.
> Note that even if you're running the latest code off of GitHub,
> currently, Mirage Firewall still doesn't work correctly with DispVMs (or
> at least, I haven't been able to get it to work; the DispVM connects to
> it, but there's no traffic), even though there were some minimal fixes
> applied to try to handle how it handles IP addresses from a different
> pool. Works fine with AppVMs, though, as well as TemplateVMs, at least
> in my experience.

@Reg & Willy
Thank you for sharing your experiences and the advice. I will try to wrap my 
head around this topic.
I have been trying the firewall with an AppVM already and it looked like it was 
working fine but I have to dig deeper into the process (for my understanding). 

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to