On Sat, Apr 11, 2020 at 12:32:34PM +0000, hsfcyxr hsfcyxr wrote: > There???s a second computer to access the Clinet. > How do I completely block traffic bypassing sys-whonix? I don???t know > much English, so I couldn???t find it myself, I read qubes and whonix > documentation. > (I marked dom0 updates via tor during installation, prescribed ???sudo > systemctl restart qubes-whonix-torified-updates-proxy-check???, installed > everything in Qube Manager except sys-firewall, sys-whonix, sys-net and > Tamplate VM on sys-whonix, > Qubes global settings -> Dom0 UpdateVM -> sys-whonix > Qubes global settings -> ClockV -> sys-whonix > Qubes global settings -> Default netVM -> sys-whonix > Qubes global settings -> Default template -> fedora-30 > Qubes global settings -> Default DisposableVM Template -> > fedora-30-dvm > ) > Maybe there are some guides to setting qubes to anonymity so that the > browser can???t recognize my time zone (so that it is different on different > AppVMs). And how to add a different language to the keyboard, again, so > that it would be visible only on the AppVMs I need. img: > qubes-os[.]org/attachment/wiki/posts/admin-api.png > I will formulate a more specific question, as in the diagram above, to block > all connections to sys-net except sys-whonix->sys-firewall->sys-net. >
I cant help with Whonix issues, but you should block outgoing traffic originating from sys-net and sys-firewall. Restrict traffic which is forwarded through sys-firewall to anything originating from the vif and MAC of sys-whonix. Then you're trusting Whonix to deliver what it promises. Strange that you are using standard templates for default and DisposableVM, when you are concerned with anonymity. Have you customised that fedora-30 template? If not, you may be shooting yourself in the foot. Personally I don't use clock updates at all, and set time to UTC across the board. You can install language options in the templates and trigger changes on an individual qube, which allows you to access different layout per qube. If I understand your post, that's what you want? Check the "keyboard " option in Qube Manager. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411142656.GB27666%40thirdeyesecurity.org.
