On Thu, Apr 20, 2017 at 10:20:23PM -0700, 0124704701472470247 wrote:
> Hello,
> 
> How can I upload a white list of IP addresses for the firewall policy inbound 
> and outbound traffic in a simple and easy way?
> 
> Kind Regards
> 

There are two approaches you can take:
Use qvm-prefs in dom0 to write rules (max of around 30 rules for a qube).
If you want to whitelist http access, for example, put addresses in a
file and run:
    for addr in $(cat addresses); do qvm-firewall -an <name> "$addr" tcp 80; done

This is fine for a small number of rules using a similar port (e.g.
whitelist 1 port or ALL, etc.)

For more complicated situations, you would probably be better to write
the rules in the firewall, and then reload them using
/rw/config/qubes-firewall-user-script
This will circumvent the size limit on the number of rules.

Another method would be to write the rules directly in the qube, and
apply them from /rw/config/rc.local
You could write the rules, and use iptables-save to store them in
/rw/config and then reload them from rc.local.

Really it depends on what you want to do with that whitelist and what
restrictions/permissions you want to set. For a simple case (block all
access except to these addresses), the first method is simplest.

unman
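
The last approach in the message above (rules written in the qube and applied from /rw/config/rc.local), as an added example that is not part of the original message: a script that validates each whitelist entry and prints the iptables commands for review. The chain name WHITELIST-OUT, the one-entry-per-line file format and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: turn an address whitelist into outbound iptables commands.
# Assumptions: one IPv4 address or CIDR per line, '#' starts a comment;
# the chain name WHITELIST-OUT is hypothetical.
CHAIN=WHITELIST-OUT

# Succeeds only for a strict dotted quad with an optional /0-32 prefix, so
# nothing else from the file can end up in a command that runs as root.
is_ipv4() {
    case $1 in
        */*) ip=${1%%/*}; pfx=${1#*/}
             case $pfx in ''|*[!0-9]*) return 1 ;; esac
             [ "$pfx" -le 32 ] 2>/dev/null || return 1 ;;
        *)   ip=$1 ;;
    esac
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zeros are ambiguous
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Reads the whitelist on stdin and prints the commands for TCP port $1.
whitelist_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comment, blanks
        [ -n "$line" ] || continue
        if is_ipv4 "$line"; then
            echo "iptables -A $CHAIN -d $line -p tcp --dport $port -j ACCEPT"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
    echo "iptables -A $CHAIN -j DROP"            # everything else is dropped
    echo "iptables -I OUTPUT ! -o lo -j $CHAIN"  # hook the chain in, loopback exempt
}

# Constructed sample input (documentation addresses, not from the thread)
sample() {
    printf '%s\n' '# mirrors' '192.0.2.10' '198.51.100.0/24  # cdn' \
        '10.0.0.999' 'example.org'
}

sample | whitelist_rules 80
```

Review the printed commands before appending them to /rw/config/rc.local. The final DROP also covers name resolution, so a resolver needs its own rule if the qube still has to look up names.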
