Re: [qubes-users] How find out addresses to limit outgoing connections

2018-01-02 Thread 'Tom Zander' via qubes-users
On Saturday, 30 December 2017 04:55:59 CET Stumpy wrote:
> In the end, I want to have say a VM for email, where the firewall blocks
> everything but access to the email service, and do the same for my
> "banking VM" or "bitcoin wallet vm"
> 
> I'm at a bit of a loss so would be grateful for help.

Using gmail in your browser is indeed quite difficult to allow specifically.
Even using another protocol to a provider like google is practically 
speaking not possible.
So I think you started on the hardest problem.

Instead, if you were to use for instance kolabnow.com, you'd be able to 
limit your outgoing to just two hosts (imap.kolabnow.com and 
smtp.kolabnow.com) which is a short list of IP addresses. (I personally use 
'dig' to find out all IP addresses of a DNS).

Same with the Bitcoin wallet VM, you need to find out a series of trusted IP 
addresses and only allow outgoing connections from them, and likely no 
incoming connections at all.
Those IPs would be something from friends, or some you find on:
https://bitnodes.earn.com/
But notice you need to then tell your bitcoin software to actually connect 
to those IPs and likely skip any DNS lookup.

Hope that helps!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19704108.RhNjRlVOSx%40cherry.
For more options, visit https://groups.google.com/d/optout.
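
The dig-then-allowlist step described in the reply above, as an added example that is not part of the original thread: it filters `dig +short` output down to IP literals, prints one firewall rule per address, and reports drift against a previously saved list, since DNS answers change over time. Assumptions: the VM name `email-vm`, port 993 for IMAP over TLS, the `qvm-firewall` rule syntax (taken from Qubes 4.0; check `qvm-firewall --help` on your release), and the sample addresses, which are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread. On a networked VM the input would be:
#   dig +short imap.kolabnow.com A; dig +short imap.kolabnow.com AAAA
LC_ALL=C; export LC_ALL   # stable ordering for sort and comm

# Keep only IP literals from `dig +short` output on stdin. CNAME targets
# (names ending in ".") are dropped and duplicates collapse.
extract_ips() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]*$' | sort -u
}

# Print one rule command per address read from stdin.
# Assumption: Qubes 4.0 qvm-firewall rule syntax; the VM name is hypothetical.
# usage: emit_rules VM PORT < ip-list
emit_rules() {
    while read -r ip; do
        printf 'qvm-firewall %s add action=accept dsthost=%s proto=tcp dstports=%s\n' "$1" "$ip" "$2"
    done
}

# Compare a saved allowlist with a fresh one (both sorted).
# "- addr" is no longer published, "+ addr" is new and not yet allowed.
drift() {
    comm -23 "$1" "$2" | sed 's/^/- /'
    comm -13 "$1" "$2" | sed 's/^/+ /'
}

# Constructed sample of `dig +short` output (documentation address ranges).
sample_dig_output() {
    printf '%s\n' 'mail-frontend.example.net.' 192.0.2.11 192.0.2.10 \
        192.0.2.11 2001:db8::10
}

demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 192.0.2.10 192.0.2.99 > "$tmp/old"   # constructed saved list
    sample_dig_output | extract_ips > "$tmp/new"
    emit_rules email-vm 993 < "$tmp/new"
    drift "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

demo
```

Review the printed commands before running them in dom0, and re-run the drift check periodically so a changed DNS answer shows up as a list difference rather than as unexplained mail failures.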


[qubes-users] How find out addresses to limit outgoing connections

2018-01-01 Thread Stumpy
I read some posts about firewalls etc but haven't been able to 
find/limit outgoing connections.
I have tried to add domains which seems to have worked (minus a bug or 
two) but I can't seem to figure out all the domains I need to list.


example, I use a gmail account, I tried adding say gmail.com and 
google.com to the list of accepted connections but it still doesn't 
work. I assume there are other domains I need to add but I can't figure 
out how to see what they are. I tried tcpdump and installed iptraf in 
the vm but they strangely don't even show email, just amazon aws, 
akamaitechnolog, and ???.1e100.net but then I tried installing umatrix 
in chrome and it shows various other domains (quite a few actually).


Also, when I try to add domains the firewall window gives me an error 
port number or service is invalid, but I selected "any" for service and 
ports? And after adding whatever domains the first time and 
saving/clicking ok, when I try to go back in to further add/modify the 
firewall I get the error "firewall has been modified manually - please 
use qvm-firewall for any further configuration." I haven't had much luck 
using qvm-firewall beyond just the list option.


In the end, I want to have say a VM for email, where the firewall blocks 
everything but access to the email service, and do the same for my 
"banking VM" or "bitcoin wallet vm"


I'm at a bit of a loss so would be grateful for help.

