Don't know if this helps, but since October 2021 I've been using pfSense without any problems. I created an installation guide and script to automate the integration. https://github.com/jcholsap/freemod/issues/1#issue-1016495279
On Friday, July 30, 2021 at 9:40:06 AM UTC-4 unman wrote: > On Mon, Jul 26, 2021 at 08:09:52AM +0000, Michael Singer wrote: > > On Thu, Jul 17, 2021 at 12:29PM +0700, unman wrote> On Thu, Jul 15, 2021 > at 06:07:59PM +0000, Michael Singer wrote: > > >> On Thu, Jul 15, 2021 at 04:50:29PM +0700, unman wrote: > > >> > > >>> On Wed, Jul 14, 2021 at 04:35:42PM +0000, Michael Singer wrote: > > >> > > >>>> > > >>>> Would you let my Qube, which is supposed to connect to only one IP > address on > > >>>> the internet, be based on an extra firewall-vm? Would that more > secure? > > >> > > >>> You could do this: it would have one particular advantage, in that > you > > >>> could set custom rules in sys-net to restrict access from that > > >>> sys-firewall to the specified IP address. > > >> > > >> Do you have an example of the command line commands you use to set > such custom rules in an ordinary debian or fedora sys-net? > > > > > > Qubes uses NAT, so sys-net sees all traffic coming from the IP address > > > of sys-firewall. > > > If you new fw has IP - 10.137.0.200 > > > And target is 195.10.223.181 > > > > > > `nft insert rule filter FORWARD index 1 ip saddr 10.137.0.200 ip daddr > 195.10.223.181 tcp dport https accept` > > > `nft insert rule filter FORWARD index 2 ip saddr 10.137.0.200 drop` > > > > > > Would do it. > > > Adjust for your case, of course > > > > Many thanks, unman! This is well explained. Allow one more question: How > would you do the same if sys-net is based on a OpenBSD template? > > > > Best regards > > Michael Singer > > > > openBSD in Qubes - Excellent! > You would want something like: > pass out on dc0 proto tcp from 10.137.0.200 to 195.10.223.181 port 443 > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a19c75b-cc29-475e-955a-05135a048203n%40googlegroups.com.
