On Fri, May 19, 2017 at 12:21:08AM +0200, 'PR' via qubes-users wrote:
> Hello Unman,
>
> On 05/19/2017 12:01 AM, Unman wrote:
> > On Thu, May 18, 2017 at 01:55:31PM -0700, 'PR' via qubes-users wrote:
> > > Hello,
> > >
> > > when using AppVMs for special purposes, I like to use deny-all firewall
> > > rules and only open the necessary ports.
> > > Unfortunately this means a step-by-step approach to find out which domains
> > > and ports need to be opened.
> > >
> > > Question:
> > > Where can I find a log file which shows what the firewall is blocking from
> > > inside (AppVM) to outside (WAN)?
> > > I know that I've missed some ports to get things up and running, but I
> > > don't know where to look for them.
> > Hello,
> >
> > You create a log file by inserting a new rule in the iptables chain,
> > using the LOG target.
> >
> > Let's say you want to check what's happening on sys-firewall to
> > traffic from 10.137.1.101.
> > iptables -L -nv will show the current rules.
> > Count where the current DROP rule appears in the FORWARD chain - say,
> > it's at position 4.
> > Then insert a LOG rule before that DROP rule:
> > iptables -I FORWARD 4 -s 10.137.1.101 -j LOG
> >
> > Now all the DROPPED traffic will be logged, and you can use dmesg to
> > inspect those logs.
> >
> > unman
> perfect, thanks!!
> I assume that this rule is non-persistent and will not survive a reboot of
> sys-net, correct?
> This would be great as I only need this rule to fine-tune my firewall
> settings.
>
> - P
reboot of "sys-firewall" I think you mean, otherwise you're right.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170518230817.GA23932%40thirdeyesecurity.org.
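As an added example (not part of the thread), the procedure unman describes worked through in shell: locate the DROP rule in the FORWARD chain, print the matching LOG insert, and reduce the resulting dmesg entries to the list of destinations and ports the AppVM's rules still need to allow. The rule listing, the log lines, the addresses and the `QUBES-BLOCKED:` prefix are constructed assumptions so the script runs offline; on a real sys-firewall you would pipe in `iptables -L FORWARD -n --line-numbers` and `dmesg` instead.

```shell
#!/bin/sh
# Added example, not code from the thread. The rule listing and log lines
# below are constructed samples; replace them with the live output of
# `iptables -L FORWARD -n --line-numbers` and `dmesg` on sys-firewall.

# Line number of the first DROP rule in a `-L FORWARD -n --line-numbers`
# listing read from stdin; the LOG rule must go in at exactly this position
# so it is evaluated before the DROP.
drop_position() {
    awk 'NR > 2 && $2 == "DROP" { print $1; exit }'
}

# The insert from unman's reply for one AppVM address ($2) at position $1,
# with a prefix (assumed name) so the entries are easy to find in dmesg.
log_rule_for() {
    printf 'iptables -I FORWARD %s -s %s -j LOG --log-prefix "QUBES-BLOCKED: "\n' "$1" "$2"
}

# Unique "proto dst dport" tuples from prefixed kernel LOG lines on stdin.
# ICMP carries no port, so it is shown as "-".
blocked_summary() {
    awk '/QUBES-BLOCKED:/ {
        proto = ""; dst = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DST")   dst = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
        }
        if (proto != "") print proto, dst, dpt
    }' | LC_ALL=C sort -u
}

# Constructed sample of `iptables -L FORWARD -n --line-numbers`.
SAMPLE_RULES='Chain FORWARD (policy DROP 0 packets, 0 bytes)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2    ACCEPT     tcp  --  10.137.1.101         0.0.0.0/0            tcp dpt:443
3    ACCEPT     udp  --  10.137.1.101         10.137.1.1           udp dpt:53
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Constructed sample of what dmesg shows once the LOG rule is in place.
SAMPLE_DMESG='[ 812.1] QUBES-BLOCKED: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41222 DPT=22 SYN
[ 812.4] QUBES-BLOCKED: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41224 DPT=22 SYN
[ 813.0] QUBES-BLOCKED: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=203.0.113.5 LEN=40 PROTO=UDP SPT=50123 DPT=123
[ 813.2] QUBES-BLOCKED: IN=vif3.0 OUT=eth0 SRC=10.137.1.101 DST=203.0.113.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0'

pos=$(printf '%s\n' "$SAMPLE_RULES" | drop_position)
log_rule_for "$pos" 10.137.1.101
printf '%s\n' "$SAMPLE_DMESG" | blocked_summary
```

As the thread notes, the inserted rule lives only in the running iptables state of sys-firewall and is gone after that VM restarts.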