On 5/24/22 08:36, M wrote:
sys-firewall - limit traffic to * on TCP port 443.
I tried ping google from sys-net and sys-firewall terminal.
From sys-net domain+ip went through, sys-firewall only ip.

* ping uses ICMP which the firewall will always let through unless you use 
* DNS queries are routed by Qubes OS to the netvm, which is in your case 
* once you allow UDP port 53 in the firewall settings in sys-firewall DNS 
should work

Updates are also not working.

Well, they need DNS. ;-) ... and also Fedora will try to contact some HTTP URLs

If you don't want to allow HTTP in sys-firewall, you can

1. clone it to sys-update
2. set sys-update as updatevm and in the policy for updates
3. allow HTTP for sys-update
4. set "provides networking" to false for sys-update

That means sys-update will be used as update proxy but no other qube can use it 
as network (netvm).


 public key: https://www.svensemmler.org/2A632C537D744BC7.asc
fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to