Hello Unman,

On 05/19/2017 12:01 AM, Unman wrote:
> On Thu, May 18, 2017 at 01:55:31PM -0700, 'PR' via qubes-users wrote:
>> Hello,
>>
>> when using AppVMs for special purposes, I like to use deny-all firewall rules
>> and only open the necessary ports.
>> Unfortunately this means a step-by-step approach to find out which domains and
>> ports need to be opened.
>>
>> Question:
>> Where can I find a log file which shows what the firewall is blocking from
>> inside (AppVM) to outside (WAN)?
>> I know that I've missed some ports to get things up and running, but I don't
>> know where to look for them.
> Hello,
>
> You create a log file by inserting a new rule in the iptables chain,
> using the LOG target.
>
> Let's say you want to check what's happening on sys-firewall to
> traffic from 10.137.1.101.
> iptables -L -nv will show the current rules.
> Count where the current DROP rule appears in the FORWARD chain - say,
> it's at position 4.
> Then insert a LOG rule before that DROP rule:
> iptables -I FORWARD 4 -s 10.137.1.101 -j LOG
>
> Now all the DROPPED traffic will be logged, and you can use dmesg to
> inspect those logs.
>
> unman
perfect, thanks!!
I assume that this rule is non-persistent and will not survive a reboot of sys-net, correct? This would be great as I only need this rule to fine tune my firewall settings.

- P
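The procedure Unman describes, worked through as an added shell example (this is not code from the thread or from the Qubes project). It goes a little beyond the one-liner above: it locates the DROP rule's position in the FORWARD chain automatically instead of counting by hand, tags the LOG rule with a `--log-prefix` so the lines are easy to find in dmesg, and reduces the logged lines to the unique protocol/destination/port tuples the AppVM tried to reach, which is exactly the list of rules still missing from a deny-all policy. The AppVM address 10.137.1.101 is taken from the thread; the variable and function names, the prefix string and all sample data are assumptions constructed for the example. `--line-numbers` and `--log-prefix` are standard iptables options.

```shell
#!/bin/sh
# Added example, not code from the thread: automate the LOG-before-DROP
# technique on sys-firewall and summarise what was blocked. The AppVM
# address, prefix, function names and all sample data are constructed.

SRC_QUBE="10.137.1.101"          # AppVM under test (assumed, as in the thread)
LOG_PREFIX="qubes-fw-drop: "     # --log-prefix allows at most 29 characters

# Print the line number of the first DROP rule in a chain listing produced by
# `iptables -L FORWARD -nv --line-numbers` (read from stdin). Only numbered
# rule lines are considered, so the "policy DROP" header line is skipped.
# Returns 1 if the chain has no DROP rule.
drop_rule_position() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "DROP" { print $1; found = 1; exit }
         END { exit !found }'
}

# Insert the LOG rule directly in front of the DROP rule (run as root in
# sys-firewall). This changes only the running kernel ruleset: it is gone
# after a reboot and can be removed earlier with `iptables -D FORWARD <pos>`.
insert_log_rule() {
    pos=$(iptables -L FORWARD -nv --line-numbers | drop_rule_position) || {
        echo "no DROP rule found in FORWARD" >&2
        return 1
    }
    iptables -I FORWARD "$pos" -s "$SRC_QUBE" -j LOG --log-prefix "$LOG_PREFIX"
}

# Read dmesg output on stdin, keep only our LOG lines, and print one unique
# "PROTO DST DPT" line per blocked destination. ICMP carries no port, so "-"
# is printed in its place.
dropped_destinations() {
    grep "$LOG_PREFIX" | awk '{
        dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "DST")   dst = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
        }
        if (dst != "") print proto, dst, (dpt == "" ? "-" : dpt)
    }' | sort -u
}

# Constructed sample of `iptables -L FORWARD -nv --line-numbers` output.
SAMPLE_RULES='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1200 96000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2       30  1800 ACCEPT     tcp  --  vif3.0 *       10.137.1.101         0.0.0.0/0            tcp dpt:443
3        4   240 ACCEPT     udp  --  vif3.0 *       10.137.1.101         10.137.1.1           udp dpt:53
4       17  1020 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Constructed sample of the dmesg lines such a LOG rule produces.
SAMPLE_DMESG='[ 4011.203412] qubes-fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.20 LEN=60 TTL=63 DF PROTO=TCP SPT=51234 DPT=993 SYN
[ 4011.911207] qubes-fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.20 LEN=60 TTL=63 DF PROTO=TCP SPT=51235 DPT=993 SYN
[ 4012.004450] qubes-fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=203.0.113.7 LEN=76 TTL=63 PROTO=UDP SPT=40000 DPT=123
[ 4015.118000] qubes-fw-drop: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=203.0.113.9 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
[ 4016.000001] some unrelated kernel message'

# Dry run on the constructed samples (needs no root):
printf '%s\n' "$SAMPLE_RULES" | drop_rule_position       # prints 4
printf '%s\n' "$SAMPLE_DMESG" | dropped_destinations     # three unique tuples
```

On a live sys-firewall the sequence is `insert_log_rule`, exercise the AppVM, then `dmesg | dropped_destinations`; each line that comes back is a protocol, destination and port the deny-all policy is still blocking and that needs an explicit allow rule. Because the LOG rule sits immediately before the DROP rule, only traffic that has already fallen through every ACCEPT rule is logged, so permitted connections do not clutter the output.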

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7682876a-acf6-d3d6-d8de-bcbdeda51a7a%40googlemail.com.