On Thu, Jul 15, 2021 at 04:50:29PM +0700, unman wrote: > On Wed, Jul 14, 2021 at 04:35:42PM +0000, Michael Singer wrote:
>> >> Would you let my Qube, which is supposed to connect to only one IP address on >> the internet, be based on an extra firewall-vm? Would that more secure? > You could do this: it would have one particular advantage, in that you > could set custom rules in sys-net to restrict access from that > sys-firewall to the specified IP address. Do you have an example of the command line commands you use to set such custom rules in an ordinary debian or fedora sys-net? >> In the Qube settings for the services there is the service >> "disable-default-route". I have not found anything about what it does. In my >> case, would it be better to leave it on or turn it off? > man qvm-service - this service will remove the default gateway entry. So > a qube would be able to access immediate neighbours but not step beyond. > It's not what you want here. What are the immediate neighbors of a qube? Can both a qube using the default route and a qube with the disable-default-route service turned on access its immediate neighbors, or only a qube with the disable-default-route service turned on? In what situation is it useful for a qube to be able to access its immediate neighbors? All the best Michael -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f04a944-d8df-cfd8-106d-faf03798fc84%40posteo.de.