On 5/24/22 08:36, M wrote:
sys-firewall - limit traffic to * on TCP port 443. I tried ping google from sys-net and sys-firewall terminal. From sys-net domain+ip went through, sys-firewall only ip.
* ping uses ICMP which the firewall will always let through unless you use qvm-firewall * DNS queries are routed by Qubes OS to the netvm, which is in your case sys-firewall * once you allow UDP port 53 in the firewall settings in sys-firewall DNS should work
Updates are also not working.
Well, they need DNS. ;-) ... and also Fedora will try to contact some HTTP URLs If you don't want to allow HTTP in sys-firewall, you can 1. clone it to sys-update 2. set sys-update as updatevm and in the policy for updates 3. allow HTTP for sys-update 4. set "provides networking" to false for sys-update That means sys-update will be used as update proxy but no other qube can use it as network (netvm). /Sven -- public key: https://www.svensemmler.org/2A632C537D744BC7.asc fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbe90e79-6db5-544a-e990-53233d641193%40SvenSemmler.org.
Description: OpenPGP digital signature