I can access https://1.1.1.1. But not cloudflare.com.

On Saturday, 28 May 2022 at 23:17:34 UTC+3 M wrote:

> According the doc, you don't need to do that. 
> Firewall policy which is see with qvm-firewall sys-firewall:
> 0. tcp 443
> 1. dns
> 2. icmp
> 3. drop
>
> I still can't solve the problem.
> On Wednesday, 25 May 2022 at 07:18:35 UTC+3 sv...@svensemmler.org wrote:
>
>> On 5/24/22 08:36, M wrote: 
>> > sys-firewall - limit traffic to * on TCP port 443. 
>> > I tried ping google from sys-net and sys-firewall terminal. 
>> > From sys-net domain+ip went through, sys-firewall only ip. 
>>
>> * ping uses ICMP which the firewall will always let through unless you 
>> use qvm-firewall 
>> * DNS queries are routed by Qubes OS to the netvm, which is in your case 
>> sys-firewall 
>> * once you allow UDP port 53 in the firewall settings in sys-firewall DNS 
>> should work 
>>
>> > Updates are also not working. 
>>
>> Well, they need DNS. ;-) ... and also Fedora will try to contact some 
>> HTTP URLs 
>>
>> If you don't want to allow HTTP in sys-firewall, you can 
>>
>> 1. clone it to sys-update 
>> 2. set sys-update as updatevm and in the policy for updates 
>> 3. allow HTTP for sys-update 
>> 4. set "provides networking" to false for sys-update 
>>
>> That means sys-update will be used as update proxy but no other qube can 
>> use it as network (netvm). 
>>
>> /Sven 
>>
>> -- 
>> public key: https://www.svensemmler.org/2A632C537D744BC7.asc 
>> fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f6d1ee2-6268-413c-93ed-3840d8197a63n%40googlegroups.com.

Reply via email to