Am 03/10/2017 um 12:36 AM schrieb Unman: > On Fri, Mar 10, 2017 at 12:11:20AM +0100, evo wrote: >> >> >> Am 03/09/2017 um 11:58 PM schrieb Unman: >>> On Thu, Mar 09, 2017 at 11:48:23PM +0100, evo wrote: >>>> >>>> >>>> Am 03/09/2017 um 11:45 PM schrieb Unman: >>>>>> >>>>>> with -vv it shows me the whole script in terminal.. without problems. >>>>>> >>>>>> hmm... wait... do i need "iptables -I" just one time at the beginning? >>>>>> i think this is the mistake. i have it before every line. >>>>> >>>>> Each line is evaluated separately, so you need the full command on each >>>>> line. >>>>> >>>>> There's nothing wrong with the line you quoted. >>>>> Post another line - one that you think isn't implemented, or better >>>>> still the whole of the file. >>>>> >>>>> unman >>>>> >>>> >>>> i looked after this rule and the thing was, it was listed also in the >>>> standard firewall-settings on the GUI. So no rule works in the script. >>>> >>> >>> So post the lines that arent working >>> >> >> >> iptables -I FORWARD -s 10.137.x.x -d x.0.0.0/8 -p tcp --dport 443 -j ACCEPT >> >> iptables -I FORWARD -s 10.137.x.x -d x.0.0.0/8 -p tcp --dport 80 -j ACCEPT >> >> and so on. >> >> the source IP is always the same, because it goes from the same VM, the >> dest.IP is in the upper case the same too, because it should give the >> 443 and 80 on the same website. >> >> can this be a problem, the same dest.IPs and different ports with two >> entries? must i write it in one entry with two ports? if yes then, how? > > Those are fine, and both work exactly as expected in > qubes-firewall-user-script. > > What template are you using? > > Just to be absolutely sure, you are using these in > qubes-firewall-user-script on the firewall, and you are triggering the > change by connecting a qube to the firewall? Yes? > > What happens if you simply run the script? > /rw/config/qubes-firewall-user-script > > On combining you can use multi-ports, like this: > iptables -I FORWARD -m multiport -p tcp --dports 80,443 -j ACCEPT > You can use up to 15 ports, and include ranges, like 20:25 - that covers > 6 ports but only counts as 2 toward the limit. > > >
debian 8 is the template oh.. i think, i understand the problem :D i used the script on the App-VM and not on the FW-VM. so the problem is clear now.. sometimes these are just simple things. multiport is a good option thanks and good night! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ed99cdc9-84eb-3325-1550-aab7d670ead6%40aliaks.de. For more options, visit https://groups.google.com/d/optout.
