On 01/30/2017 11:21 AM, Jane Jok wrote: > I know that Qubes security model doesn't rely on users system for security, > but combined with iptables, this could prevent traffic leaks when running > certain "wonky" VPN configs (for instance, ipsec based VPNs where a tun > device is absent) by straight up disallowing a certain user from > communicating over anything other than the VPN link. Hm, this sound like you're running a VPN in your AppVM. Are you? If so, a better solution (that can easily achieve your goal of preventing leaks, albeit for an entire VM instead of a specific user of a VM) is to use a ProxyVM, as documented here: https://www.qubes-os.org/doc/vpn/.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f40a993-5019-9830-b064-f522cd9fa075%40freedom.press. For more options, visit https://groups.google.com/d/optout.
