I'd like to announce the release of qubes-mirage-firewall 0.5: https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.5
This is a unikernel that can run as a QubesOS ProxyVM, replacing sys-firewall. It may be useful if you want something smaller or faster-to-start than the Linux-based sys-firewall. It requires around 32MB of RAM when running and requires 0.0s of CPU time to boot, according to "xl list". It does not need or use a hard-disk, and does not persist any state between reboots. For installation instructions, see: https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md For a blog post explaining the background for this, with a walk-through of the code (it's written in OCaml), see: http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ Changes since 0.4: - Update to the latest mirage-net-xen, mirage-nat and tcpip libraries (@yomimono, @talex5, #45, #47). In iperf benchmarks between a client VM and sys-net, this more than doubled the reported bandwidth! - Don't wait for the Qubes GUI daemon to connect before attaching client VMs (@talex5, #38). If the firewall is restarted while AppVMs are connected, qubesd tries to reconnect them before starting the GUI agent. However, the firewall was waiting for the GUI agent to connect before handling the connections. This led to a 10s delay on restart for each client VM. Reported by @xaki23. - Add stub makefile for qubes-builder (@xaki23, #37). - Update build instructions for latest Fedora (@talex5, #36). yum no longer exists. Also, show how to create a symlink for /var/lib/docker on build VMs that aren't standalone. Reported by @xaki23. - Add installation instructions for Qubes 4 (@yomimono, @reynir, @talex5, #27). - Use Ethernet_wire.sizeof_ethernet instead of a magic 14 (@hannesm, #46). Note that the repository has moved from github.com/talex5 to the github.com/mirage organisation, as it's no longer just my personal project. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/727d1b86-a37b-4a65-a167-b128a23c8197%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
