Re: [qubes-users] How find out addresses to limit outgoing connections
On Saturday, 30 December 2017 04:55:59 CET Stumpy wrote:
> In the end, I want to have say a VM for email, where the firewall blocks
> everything but access to the email service, and do the same for my
> "banking VM" or "bitcoin wallet vm"
>
> I'm at a bit of a loss so would be grateful for help.

Using gmail in your browser is indeed quite difficult to allow specifically. Even using another protocol to a provider like google is practically speaking not possible. So I think you started on the hardest problem.

Instead, if you were to use for instance kolabnow.com, you'd be able to limit your outgoing to just two hosts (imap.kolabnow.com and smtp.kolabnow.com) which is a short list of IP addresses. (I personally use 'dig' to find out all IP addresses of a DNS).

Same with the Bitcoin wallet VM, you need to find out a series of trusted IP addresses and only allow outgoing connections from them, and likely no incoming connections at all. Those IPs would be something from friends, or some you find on: https://bitnodes.earn.com/

But notice you need to then tell your bitcoin software to actually connect to those IPs and likely skip any DNS lookup.

Hope that helps!

--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
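The `dig` lookup mentioned in the reply above, as an added example that is not part of the original message: it reduces `dig +short` output to a sorted address list and reports how a fresh answer set differs from a saved allowlist, since a hostname's addresses can change between lookups. The sample answers are constructed from documentation address ranges, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): compare two `dig +short` answer sets.
LC_ALL=C; export LC_ALL   # one collation for both sort and comm

# Constructed sample answers (documentation ranges, not real records):
# the saved set has a CNAME line and a duplicate, the fresh set an error line.
SAMPLE_SAVED='mail.example.net.
192.0.2.11
192.0.2.10
192.0.2.10
2001:db8::25'
SAMPLE_FRESH=';; connection timed out; no servers could be reached
192.0.2.10
198.51.100.7'

# Live lookup for one hostname (needs network, so it is not called here).
lookup() { dig +short A "$1"; dig +short AAAA "$1"; }

# Keep only literal IPv4/IPv6 addresses from stdin; CNAME targets and
# dig's ";;" error lines are dropped. Output is sorted and de-duplicated.
extract_ips() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$' | sort -u
}

# drift SAVED FRESH: print "+ ip" for addresses missing from the saved
# allowlist and "- ip" for addresses no longer returned. Returns 2 with no
# output when FRESH holds no address at all (failed lookup), so a resolver
# outage is never mistaken for "remove everything".
drift() {
  old=$(mktemp); new=$(mktemp)
  printf '%s\n' "$1" | extract_ips > "$old"
  printf '%s\n' "$2" | extract_ips > "$new"
  rc=0
  if [ -s "$new" ]; then
    comm -13 "$old" "$new" | sed 's/^/+ /'
    comm -23 "$old" "$new" | sed 's/^/- /'
  else
    rc=2
  fi
  rm -f "$old" "$new"
  return "$rc"
}

drift "$SAMPLE_SAVED" "$SAMPLE_FRESH"
```

For a live check, pass the output of `lookup imap.kolabnow.com` as the second argument and the previously saved list as the first.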
Re: [qubes-users] How find out addresses to limit outgoing connections
On 2017-12-29 21:55, Stumpy wrote:
> I read some posts about firewalls etc but haven't been able to
> find/limit outgoing connections. I have tried to add domains which
> seems to have worked (minus a bug or two) but I can't seem to
> figure out all the domains I need to list.
>
> For example, I use a gmail account, I tried adding say gmail.com and
> google.com to the list of accepted connections but it still doesn't
> work. I assume there are other domains I need to add but I can't
> figure out how to see what they are. I tried tcpdump and installed
> iptraf in the vm but they strangely don't even show email, just
> amazon aws, akamaitechnolog, and ???.1e100.net but then I tried
> installing umatrix in chrome and it shows various other domains
> (quite a few actually).
>
> Also, when I try to add domains the firewall window gives me an
> error port number or service is invalid, but I selected "any" for
> service and ports? And after adding whatever domains the first
> time and saving/clicking ok, when I try to go back in to further
> add/modify the firewall I get the error "firewall has been
> modified manually - please use qvm-firewall for any further
> configuration." I haven't had much luck using qvm-firewall beyond
> just the list option.
>
> In the end, I want to have say a VM for email, where the firewall
> blocks everything but access to the email service, and do the same
> for my "banking VM" or "bitcoin wallet vm"
>
> I'm at a bit of a loss so would be grateful for help.

Take a look at this thread:
https://groups.google.com/d/topic/qubes-users/fSiFkQeoqGE/discussion

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
[qubes-users] How find out addresses to limit outgoing connections
I read some posts about firewalls etc but haven't been able to find/limit outgoing connections. I have tried to add domains which seems to have worked (minus a bug or two) but I can't seem to figure out all the domains I need to list.

For example, I use a gmail account, I tried adding say gmail.com and google.com to the list of accepted connections but it still doesn't work. I assume there are other domains I need to add but I can't figure out how to see what they are. I tried tcpdump and installed iptraf in the vm but they strangely don't even show email, just amazon aws, akamaitechnolog, and ???.1e100.net but then I tried installing umatrix in chrome and it shows various other domains (quite a few actually).

Also, when I try to add domains the firewall window gives me an error port number or service is invalid, but I selected "any" for service and ports? And after adding whatever domains the first time and saving/clicking ok, when I try to go back in to further add/modify the firewall I get the error "firewall has been modified manually - please use qvm-firewall for any further configuration." I haven't had much luck using qvm-firewall beyond just the list option.

In the end, I want to have say a VM for email, where the firewall blocks everything but access to the email service, and do the same for my "banking VM" or "bitcoin wallet vm"

I'm at a bit of a loss so would be grateful for help.