I can access https://1.1.1.1. But not cloudflare.com.
On Saturday, 28 May 2022 at 23:17:34 UTC+3 M wrote: > According the doc, you don't need to do that. > Firewall policy which is see with qvm-firewall sys-firewall: > 0. tcp 443 > 1. dns > 2. icmp > 3. drop > > I still can't solve the problem. > On Wednesday, 25 May 2022 at 07:18:35 UTC+3 sv...@svensemmler.org wrote: > >> On 5/24/22 08:36, M wrote: >> > sys-firewall - limit traffic to * on TCP port 443. >> > I tried ping google from sys-net and sys-firewall terminal. >> > From sys-net domain+ip went through, sys-firewall only ip. >> >> * ping uses ICMP which the firewall will always let through unless you >> use qvm-firewall >> * DNS queries are routed by Qubes OS to the netvm, which is in your case >> sys-firewall >> * once you allow UDP port 53 in the firewall settings in sys-firewall DNS >> should work >> >> > Updates are also not working. >> >> Well, they need DNS. ;-) ... and also Fedora will try to contact some >> HTTP URLs >> >> If you don't want to allow HTTP in sys-firewall, you can >> >> 1. clone it to sys-update >> 2. set sys-update as updatevm and in the policy for updates >> 3. allow HTTP for sys-update >> 4. set "provides networking" to false for sys-update >> >> That means sys-update will be used as update proxy but no other qube can >> use it as network (netvm). >> >> /Sven >> >> -- >> public key: https://www.svensemmler.org/2A632C537D744BC7.asc >> fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 >> > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f6d1ee2-6268-413c-93ed-3840d8197a63n%40googlegroups.com.
