-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 19/12/2018 6.37 PM, unman wrote: > On Wed, Dec 19, 2018 at 11:06:25PM +0000, mossy wrote: >> Hello all, >> >> I was looking to see if I could update an offline standalone VM, by >> appending a line to `etc/qubes-rpc/policy/qubes.UpdatesProxy` and I now >> have some questions. >> >> First, I noticed the lines: >> >> ~~~ >> # Default rule for all TemplateVMs - direct the connection to sys-net >> $type:TemplateVM $default allow,target=sys-net >> ~~~ >> >> Q1) Is this correct? Shouldn't updates be directed to sys-firewall >> instead of sys-net? Are all of our templates exposed to (untrusted) >> sys-net? >> >> Hopefully I am wrong about this, but either way I'd appreciate if >> someone could explain... >> [...] > > Q1. Yes, the default is to use sys-net. You can change this if you wish. > (I do) > The update proxy has always been set to sys-net by default. > The proxy used to filter traffic, but no longer does so. Again, I change > this behaviour. > [...]
What do you change it to? sys-firewall? Why do you change it? Do you see some security risk with using sys-net? If so, should we file a bug report to have this changed by default? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxD1QIACgkQ203TvDlQ MDCzvQ/8CQtdEGVC7c430k2/moB18bLgflI5VpHi411gqmez+nCsS9YN9yRlMKsa qZeMiTVSPcBr7gEFWAnM93S2lmaiUvM9wZKpyEXl4oD2eSy/0yoxh3fGH9M4WLJ2 +UyLLd9QSD3zZ0w2ljkg68aHGcvSVNxQhiC6CtAk7KmgogvU+z64kdVw/JK+QY/C diRVgJy2WBkuUeIk88lKkBsZTD2IPdjGke2M8enMgBYhXlfEOcVb3a/ZVq3e4gP+ 7ccMCWVEGxz1tTtUHyekYn00NhtxzW1CQxvaWI9IljVrXyqOpshfnqaPLM/4tuct NsHLP/uM+HiMorAAfiIWIEYMTUBUZuzb8of/4/wJbqvDUx9fi/ltHQQC4ksKw/er LSnSqm9wE1OgvZli+SE2LAIf2n3JvBe29bPkzr0aRONHRrERhEwS32CQeZMLOC6l YvmJLcpY3Fhu6Q0WAR8afZnk1e92gnAC2X1en6YAfCwttC3QCVfMSQIwYRPNwUpy 1d7ixRDb39nUJb25VP6kgudEgDd/VwrES24Qisu6exOYmdqJdSBSvkbCqYDxQ/uo Of2h5CdKIzCDy7pto0x3TWgC1qZqiRhByC1Oil7+/d+vQPF2H52DqwYJga+L4sXb SkPBMBIRwTwx81Foq1QaeiC+JXWT8dEIaDev41cBpLguLyU7eGQ= =EfSo -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9bc2bdb-c5f5-0ade-1799-69195319f046%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
