On 02/12/2018 11:42 AM, Yuraeitha wrote:
On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote:
Hi,
In an effort to decrease R4's memory consumption I'm replacing the
default fedora-26 template with a customized one based on the official
minimal fedora-26 template.
I installed additional RPMs according to the documentation [1] and
everything seems to be working well, with a noticeable decrease of
memory usage. However I get the following error when opening a VM's
firewall settings gui:
"The 'work' qube is network connected to 'sys-firewall', which does not
support firewall!
You may edit the 'work' qube firewall rules, but these will not take any
effect until you connect it to a working Firewall qube."
But again, everything seems to work fine: the firewall rules are
properly enforced, there's no problem with net connectivity, the update
proxy is working, ...
There's no error message when sys-firewall is based on the default
fedora-26 template so I'm likely missing something but I don't see what.
I compared the qubes rpms installed in both templates but didn't notice
anything striking. Maybe there's a flag/preference or something that
needs to be set but I don't see where.
Any ideas ?
Thanks
Ivan
[1] https://www.qubes-os.org/doc/templates/fedora-minimal/
It sounds odd, it usually should work changing the template. My initial
thought-line on this issue goes like this, maybe it can be of use.
Is the iptable firewall package installed in the minimal template?
I'm thinking it may be iptables that is missing, since minimal templates can be
used for offline purposes too, then iptables is probably not included like most
other things that has been removed.
iptables is installed (that's one of the first thing I checked after I
saw the error msg).
[...]
- If Qubes tools are installed, networking works etc, and you got iptables
installed already, then my thoughts are that it's likely missing
system-config-*'s and the unavoidable full array of dependencies going with it.
Hmm, what are those system-config-*s you're talking about ?
- Try clone the template and essentially go berserk and not holding back,
install the entire system-config- array of packages, see if networking works.
If not, then either something is still missing, or firewalling has nothing to
do with the system-config packages.
- If it works, then try narrow down which packages that are used for
firewalling, perhaps you can reduce the amount of dependency packages being
pulled if you install just the package that firewall is using.
If there aren't hardcoded changes or manual configurations made in the
default fedora-26 template then yes, installing the exact same of rpms
would in theory fix the problem. But before spending significant time on
installing a bunch of rpms and then dissecting I thought I'd ask fellow
users first... Maybe the cause is obvious and I'm overlooking something.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/b159b73c-61a8-ec27-1bcb-832af323a017%40maa.bz.
For more options, visit https://groups.google.com/d/optout.