On Tuesday, December 19, 2017 at 8:05:34 PM UTC+1, Thomas Leonard wrote: > I'd like to announce the release of qubes-mirage-firewall 0.4: > > https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.4 > > This is a unikernel that can run as a QubesOS ProxyVM, replacing > sys-firewall. It may be useful if you want something smaller or > faster-to-start than the Linux-based sys-firewall, are worried about possible > attacks against Linux's C net-front code, or just like playing with > unikernels. > > > Changes since 0.3: > > - Add support for HVM guests (needed for Qubes 4). I don't use Qubes 4 myself > yet, but other people have said it works now for them. Note that the firewall > itself must still have virt_mode set to 'pv'. > > - Add support for disposable VMs. > > - Drop frames if an interface's queue gets too long. > > - Show (log) the packet when failing to add a NAT rule. The previous message > was just: WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this > packet > > > For installation instructions, see: > > https://github.com/talex5/qubes-mirage-firewall/blob/master/README.md > > For a blog post explaining the background for this, with a walk-through of > the code, see: > > http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
Thanks, will probably try it out later this week. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c6f593de-3ff0-4aac-adea-5e27f794a6fd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.