On Thu, May 18, 2017 at 01:55:31PM -0700, 'PR' via qubes-users wrote:
> Hello,
>
> when using AppVMs for special purposes, I like to use deny all firewall rules
> and only open the necessary ports.
> Unfortunately this means a step-by-step approach to find out which domains
> and ports need to be opened.
>
> Question:
> Where can I find a log file which shows what the firewall is blocking from
> inside (AppVM) to outside (WAN)?
> I know that I've missed some ports to get things up and running, but I don't
> know where to look for them.
>
> - P
>
Hello,

You create a log file by inserting a new rule in the iptables chain, using the LOG target.

Let's say you want to check what's happening on sys-firewall to traffic from 10.137.1.101.

iptables -L -nv

will show the current rules. Count where the current DROP rule appears in the FORWARD chain - say, it's at position 4. Then insert a LOG rule before that DROP rule:

iptables -I FORWARD 4 -s 10.137.1.101 -j LOG

Now all the DROPPED traffic will be logged, and you can use dmesg to inspect those logs.

unman
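A small shell helper for the steps unman gives, added here as an example and not part of the thread: it reads the FORWARD listing to find the DROP rule's position, prints the matching insert command (with --log-prefix so the entries are easy to find in dmesg), and condenses the logged entries into one line per blocked flow so the missed destinations and ports stand out. The iptables listing and dmesg lines are constructed samples, and the prefix string and function names are my own choices.

```shell
# Added example (not from the thread): locate the DROP rule in the FORWARD
# chain, build the LOG rule unman describes, and condense the kernel log
# entries into one line per blocked flow. Assumes the standard output formats
# of `iptables -L FORWARD -nv --line-numbers` and the LOG target; the samples
# below are constructed, not captured from a real sys-firewall.

# Rule number of the first DROP rule in a `--line-numbers` listing read from
# stdin (column 4 is the target).
drop_rule_position() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "DROP" { print $1; exit }'
}

# The insert command from the reply, plus a prefix to grep for in dmesg.
# Inserting at position N leaves the DROP rule at N+1.
log_rule_command() {
    printf 'iptables -I FORWARD %s -s %s -j LOG --log-prefix "fw-drop: "\n' "$1" "$2"
}

# One "PROTO SRC DST DPT" line per distinct blocked flow, from dmesg on stdin.
blocked_flows() {
    awk '/SRC=/ && /PROTO=/ {
        proto = src = dst = dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (dpt == "") dpt = "-"   # ICMP carries no destination port
        print proto, src, dst, dpt
    }' | sort -u
}

# Constructed listing: two ACCEPT rules, then the DROP at position 3.
SAMPLE_LISTING='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target  prot opt in  out  source        destination
1      120  9600 ACCEPT  all  --  *   *    0.0.0.0/0     0.0.0.0/0    ctstate RELATED,ESTABLISHED
2       15   900 ACCEPT  tcp  --  *   *    10.137.1.101  0.0.0.0/0    tcp dpt:443
3       42  2520 DROP    all  --  *   *    0.0.0.0/0     0.0.0.0/0'

# Constructed dmesg lines in the LOG target format (documentation addresses).
SAMPLE_DMESG='[ 812.1] fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=10.137.1.1 LEN=60 PROTO=UDP SPT=40000 DPT=53 LEN=40
[ 812.2] fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=45678 DPT=80 SYN
[ 812.3] fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=45679 DPT=80 SYN
[ 812.4] fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0'
pos=$(printf '%s\n' "$SAMPLE_LISTING" | drop_rule_position)
log_rule_command "$pos" 10.137.1.101           # what to run on sys-firewall
printf '%s\n' "$SAMPLE_DMESG" | blocked_flows  # what the log boils down to
```

On a real sys-firewall, pipe `iptables -L FORWARD -nv --line-numbers` into drop_rule_position and `dmesg | grep fw-drop:` into blocked_flows instead of the samples.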
