On Tue, Mar 17, 2020 at 12:13:57PM -0700, [email protected] wrote:
>
> The command you listed:
> iifname "vif*" oifname "vif*" accept
>
> Is that a proper iptables rule, or are there placeholders in there that I
> need to change specific to my system? Since iptables syntax is rather
> unclear to me, I want to be sure before I go running things in my
> sys-firewall. Shouldn't it be something like this?
> sudo iptables -A FORWARD -i "vif*" -o "vif*" -j ACCEPT
>
> Then, in each one of my client qubes, I would run something like this:
> sudo iptables -I INPUT -i "vif*" -j ACCEPT
>
Sorry Arthur, that's nftables syntax.
For iptables, you would want:
`sudo iptables -I FORWARD -i "vif*" -o "vif*" -j ACCEPT`
because you want that rule to PRECEDE the existing one that blocks
traffic.

For nftables I would rewrite the FORWARD chain and atomically rewrite
it at sys-firewall startup.
You can do this by using the scripts in /rw/config.
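
One way to apply the ordering advice above from a sys-firewall startup script, as an added example that is not part of the original thread: it puts the accept rule ahead of any blocking rule in FORWARD and verifies the result. The function names and the overridable `IPT` variable are assumptions of this example, and it writes the interface match as `vif+`, which is how iptables spells a prefix wildcard (the `*` form is nftables).

```shell
#!/bin/sh
# Added example, not from the thread. IPT is overridable (an assumption of
# this example) so the logic can be exercised against a stub without root.
IPT="${IPT:-iptables}"

# iptables matches an interface prefix with a trailing '+';
# '*' is the nftables spelling of the same wildcard.
VIF_RULE='-i vif+ -o vif+ -j ACCEPT'

# Read an `iptables -S FORWARD` listing on stdin. Return 0 only if the
# accept rule appears before the first DROP/REJECT rule in the chain.
accept_precedes_block() {
    awk -v rule="$VIF_RULE" '
        index($0, rule)        { found = 1; exit }
        / -j (DROP|REJECT)/    { exit }
        END                    { exit(found ? 0 : 1) }'
}

# Make sure inter-qube forwarding is accepted before anything blocks it.
# Safe to run repeatedly: it does nothing when the rule is already effective.
ensure_vif_forward() {
    if $IPT -S FORWARD | accept_precedes_block; then
        return 0
    fi
    # A copy added with -A sits behind the blocking rule and never matches;
    # remove such stale copies so the chain ends up with exactly one rule.
    while $IPT -C FORWARD $VIF_RULE 2>/dev/null; do
        $IPT -D FORWARD $VIF_RULE || return 1
    done
    # -I with no index inserts at position 1, ahead of the blocking rule.
    $IPT -I FORWARD $VIF_RULE || return 1
    # Re-read the chain and confirm the ordering actually took effect.
    $IPT -S FORWARD | accept_precedes_block
}
```

Call `ensure_vif_forward` from the startup script under /rw/config; a non-zero return means a blocking rule still precedes the accept rule.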
