On Mon, Feb 12, 2018 at 06:41:49PM +0200, Ivan Mitev wrote:
> 
> 
> On 02/12/2018 06:26 PM, Unman wrote:
> > On Mon, Feb 12, 2018 at 12:03:46PM +0200, Ivan Mitev wrote:
> > > 
> > > 
> > > On 02/12/2018 11:42 AM, Yuraeitha wrote:
> > > > On Monday, February 12, 2018 at 8:21:12 AM UTC+1, Ivan Mitev wrote:
> > > > > Hi,
> > > > > 
> > > > > In an effort to decrease R4's memory consumption I'm replacing the
> > > > > default fedora-26 template with a customized one based on the official
> > > > > minimal fedora-26 template.
> > > > > 
> > > > > I installed additional RPMs according to the documentation [1] and
> > > > > everything seems to be working well, with a noticeable decrease of
> > > > > memory usage. However I get the following error when opening a VM's
> > > > > firewall settings gui:
> > > > > 
> > > > > "The 'work' qube is network connected to 'sys-firewall', which does not
> > > > > support firewall!
> > > > > You may edit the 'work' qube firewall rules, but these will not take any
> > > > > effect until you connect it to a working Firewall qube."
> > > > > 
> > > > > But again, everything seems to work fine: the firewall rules are
> > > > > properly enforced, there's no problem with net connectivity, the update
> > > > > proxy is working, ...
> > > > > 
> > > > > There's no error message when sys-firewall is based on the default
> > > > > fedora-26 template so I'm likely missing something but I don't see what.
> > > > > I compared the qubes rpms installed in both templates but didn't notice
> > > > > anything striking. Maybe there's a flag/preference or something that
> > > > > needs to be set but I don't see where.
> > > > > 
> > > > > Any ideas ?
> > > > > 
> > > > > Thanks
> > > > > Ivan
> > > > > 
> > > > > [1] https://www.qubes-os.org/doc/templates/fedora-minimal/
> > > > 
> > > > 
> > > > It sounds odd, it usually should work changing the template. My initial 
> > > > thought-line on this issue goes like this, maybe it can be of use.
> > > > 
> > > > Is the iptable firewall package installed in the minimal template?
> > > > 
> > > > I'm thinking it may be iptables that is missing, since minimal 
> > > > templates can be used for offline purposes too, then iptables is 
> > > > probably not included like most other things that have been removed.
> > > 
> > > iptables is installed (that's one of the first things I checked after I saw
> > > the error msg).
> > > 
> > > 
> > > [...]
> > > 
> > > > - If Qubes tools are installed, networking works etc, and you got 
> > > > iptables installed already, then my thoughts are that it's likely 
> > > > missing system-config-*'s and the unavoidable full array of 
> > > > dependencies going with it.
> > > 
> > > Hmm, what are those system-config-*s you're talking about ?
> > > 
> > > 
> > > > - Try cloning the template and essentially go berserk, not holding 
> > > > back, install the entire system-config- array of packages, see if 
> > > > networking works. If not, then either something is still missing, or 
> > > > firewalling has nothing to do with the system-config packages.
> > > > 
> > > > - If it works, then try to narrow down which packages are used for 
> > > > firewalling, perhaps you can reduce the amount of dependency packages 
> > > > being pulled if you install just the package that firewall is using.
> > > 
> > > If there aren't hardcoded changes or manual configurations made in the
> > > default fedora-26 template then yes, installing the exact same set of rpms
> > > would in theory fix the problem. But before spending significant time on
> > > installing a bunch of rpms and then dissecting I thought I'd ask fellow
> > > users first... Maybe the cause is obvious and I'm overlooking something.
> > > 
> > 
> > I just want to check - you say that the firewall rules are properly
> > enforced, and that everything works properly EXCEPT that you get a
> > warning.
> 
> Exactly.
> 
> BTW qvm-firewall works and doesn't output any error message...
> 

Yes, thought so - it's probably a bug in the gui code that checks
connected netvm status. Does it happen with every connected qube?
