On Thu, Jul 15, 2021 at 04:50:29PM +0700, unman wrote:

> On Wed, Jul 14, 2021 at 04:35:42PM +0000, Michael Singer wrote:

>> 
>> Would you let my Qube, which is supposed to connect to only one IP address on
>> the internet, be based on an extra firewall-vm? Would that more secure?

> You could do this: it would have one particular advantage, in that you
> could set custom rules in sys-net to restrict access from that
> sys-firewall to the specified IP address.

Do you have an example of the command line commands you use to set such custom 
rules in an ordinary debian or fedora sys-net?

>> In the Qube settings for the services there is the service
>> "disable-default-route". I have not found anything about what it does. In my
>> case, would it be better to leave it on or turn it off?

> man qvm-service - this service will remove the default gateway entry. So
> a qube would be able to access immediate neighbours but not step beyond.
> It's not what you want here.

What are the immediate neighbors of a qube?

Can both a qube using the default route and a qube with the 
disable-default-route service turned on access its immediate neighbors, or only 
a qube with the disable-default-route service turned on?

In what situation is it useful for a qube to be able to access its immediate 
neighbors?

All the best
Michael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f04a944-d8df-cfd8-106d-faf03798fc84%40posteo.de.

Reply via email to