On Wed, Jan 22, 2020 at 03:09:31AM +0000, Claudia wrote: > January 21, 2020 7:04 PM, "Dan Krol" <[email protected]> wrote: > > > So to clarify: > > > >> Sys-net and sys-firewall (and sys-vpn if you use it) will need it enabled. > > > > When you say "need it enabled", you're just referring again to "provides > > network", is that correct? > > > > And secondly: Do I understand correctly so long as any qube sits in between > > two other qubes in the > > networking chain, it automatically acts as a basic firewall? That's all > > that sys-firewall is? > > >From what I understand, sys-firewall is special in that it dynamically > >changes firewall rules for different VMs. That's where the firewall rules in > >the VM Settings GUI and qvm-firewall are applied. If you just create a new > >blank VM in place of sys-firewall, you can set up static firewall rules, but > >it won't by default know how to do any of the dynamic / user-defined rule > >stuff. >
This isn't quite true - there's nothing special about sys-firewall. *Any* qube which provides network (and has relevant packages installed) will provide dynamic firewall. If you use the full templates it will work automatically. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200122122131.GB5704%40thirdeyesecurity.org.
