Re: [qubes-users] better solution to configure firewall rules?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 6/22/20 9:19 PM, verifiablel...@86.is wrote: > cat ips.txt | while read line; do qvm-firewall appvm-name add > --before 0 accept dsthost=$line; done Thank you! I'll look into qvm-firewall and then write a little script to parse the downloaded file and fire off the respective calls. /Sven - -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl7xaTMACgkQ2m4We49U H7aSmw//XfG81QchyOQUA8UoCUjxJ7B3XRI1xMhpca3YkQ+clKg1/ja7MvjwjvPM kg/wFDhky1xr0BcHSvhtXOuHJiI2PAR2XcMde+1NwKIKYhfhHhs8p+bN6vPj/+Fe vKx0LbOklt5N4CweawlbFOWfeN5xZb94VA9SLtVYgb2cmx/FDcg3VJ1t5beTB3Oh cmo9LDF6DZ1o8n2IbZww/4viS2j/YuPbBBL7OdTF1eAe7aAE68s2/QDgz2n70xJs 1CwsGdQ3g15+mWFFI9okyBqkdUXxiEGsdrXTuD+kZfasYL+v+m5jTZAbtQMlSsAJ +2uFbSbml+JWkzo/BAgIBZFoIhVjL4xEGGboimxQ6bs900+0Rx4Zd9crRXHaure6 9CWBaLW/cqt3ZcWtZZTBKfq7m+0w/+006W2TiQWWi2w9A/10MRWYtD6557Vkmw2d MyTMqsRr2Mx9EC+4JSsLZLYCllz5AcNDPLwBat/Wz8VUdTSBkFTj+F3Ct4F4OPcW JOmmARpv5zNBFho8ljvZuH8BRgACJeRMU7QfFI660KJwbTqdRqqi91iQB9vdqYWF 4rmEZiErBrO3jmVebVQ9TSzeow09lqHX+hBDlcfXRbCMD9Gtn6p3V0mGf5sC+vDn axEEfyDRBxDGIAqL7Avujdi8WlXleSpvCvu8gpGgj69L4G+JArI= =YrUq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af079c63-5073-f4f9-d532-bb2fa0984f36%40SvenSemmler.org.
Re: [qubes-users] better solution to configure firewall rules?
On 2020-06-22 16:37, Sven Semmler wrote: Is there a better way for me to import the ranges from https://api.github.com/meta or any other such configuration and import them into a qubes firewall rules? You can add firewall rules from Dom0. I've got a one-liner that will read IPs from a file and add them to the firewall of an AppVM. WARNING, once you edit the firewall rules "manually" from within Dom0, you can no longer edit them from within the GUI. So, I recommend making a copy of your AppVM to test with before running it for real. The script: cat ips.txt | while read line; do qvm-firewall appvm-name add --before 0 accept dsthost=$line; done Where: ips.txt is a text file containing a list of ip addresses, one per line. appvm-name is the name of the AppVM you want to add the rules to. Note that this script will add each IP "before 0" (meaning, at the top of the rule list). Also note that this is set to "accept" connections from all of the IPs. If either of these things is not what you want, you'll need to edit it accordingly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03b0ec30-6418-0145-bfc8-e437bd4e5777%4086.is.