On 08/04/2018 02:04 PM, smcmj-2xk3N/kkaK1Wk0Htik3J/[email protected] wrote: > I'll take a shot, also willing to learn more if I am missing something: > > I would try to find the IP of the email provider if you are using a VM for > email, e.g. Tutanota's IP address is: 81.3.6.162(no IMAP wit them), therefore > my firewall settings for that VM would be: > > IP: 81.3.6.162 > Service: https (or port 443) > Protocol: TCP > > Things I have learned about the firewall include: > 1) You can type a port number into the service field vs just using whats in > the "Services" dropdown selection > 2) MXToolbox is a good tool to find an IP address of a website > 3) I created a print VM that only allows access to my networked printer IP > and the network printer's port. With this VM I can access only the printer. > Maybe your vault uses this VM as its DVM. I don't trust printers in general > but at least its restricted > > For web only 443(https) and 80(http) are all that is needed for the most > part. I believe ICMP(pings) and port 53(DNS) are allowed automatically. Open > to being corrected? It would be nice to control the DNS more (Quad9 DNS > resolver or OpenDNS). Not sure how to do this with ease. > > For Thunderbird, you could research your email providers IP and change the > "*"/ANY for the specific IPs or IP.
And what do you use to make it so your Network Printer is all that is allowed access. Thats true, as per the Qubes docs on network printers, I cloned the F Template and installed the printer driver in it, then use it as the Template for an AppVM that just does printing, but occasional I'll browse to some URL to print a webpage. BUT, I also use the AppVM as the default for disp appvm's to be based on so I can print from attachments to emails etc , and hence, for the vault, it was also the default... so did go and change that fwiw :) PS AM not using webmail, as primary, so would need more something for IMAP or ? IMAPS , not sure if it is really necessary on top of whatever sys-firewall does etc which is why I was asking what if anything typical qubes users do with the firewall tab in the VMM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7dade891-d9fd-778f-3053-d07865abb031%40riseup.net. For more options, visit https://groups.google.com/d/optout.
