Re: [qubes-users] How find out addresses to limit outgoing connections

2018-01-02 Thread 'Tom Zander' via qubes-users
On Saturday, 30 December 2017 04:55:59 CET Stumpy wrote:
> In the end, I want to have say a VM for email, where the firewall blocks
> everything but access to the email service, and do the same for my
> "banking VM" or "bitcoin wallet vm"
> 
> I'm at a bit of a loss so would be grateful for help.

Using gmail in your browser is indeed quite difficult to allow specifically.
Even using another protocol to a provider like google is practically 
speaking not possible.
So I think you started on the hardest problem.

Instead, if you were to use for instance kolabnow.com, you'd be able to 
limit your outgoing to just two hosts (imap.kolabnow.com and 
smtp.kolabnow.com) which is a short list of IP addresses. (I personally use 
'dig' to find out all IP addresses of a DNS).

Same with the Bitcoin wallet VM, you need to find out a series of trusted IP 
addresses and only allow outgoing connections from them, and likely no 
incoming connections at all.
Those IPs would be something from friends, or some you find on:
https://bitnodes.earn.com/
But notice you need to then tell your bitcoin software to actually connect 
to those IPs and likely skip any DNS lookup.

Hope that helps!
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19704108.RhNjRlVOSx%40cherry.
For more options, visit https://groups.google.com/d/optout.
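
The 'dig' approach from the message above, as an added example that is not part of the original post: it filters `dig +short` answers down to unique IPv4 addresses and prints one allow rule per address for review. The Qubes 4.x key=value rule syntax for `qvm-firewall`, the qube name `mail`, port 993 and the sample answer are assumptions.

```shell
#!/bin/sh
# Added example: turn `dig +short` answers into per-IP allow rules for one qube.
# ASSUMPTIONS: Qubes 4.x key=value rule syntax for qvm-firewall; qube name
# "mail" and port 993 in the sample run are illustrative only.

# Keep only IPv4 literals from stdin, de-duplicated. `dig +short` also prints
# CNAME targets (names ending in "."), which must not reach the rule list.
ipv4_only() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# emit_rules QUBE PORT: read IPs on stdin, print one accept rule per address.
emit_rules() {
    qube=$1
    port=$2
    while read -r ip; do
        printf 'qvm-firewall %s add action=accept dsthost=%s/32 proto=tcp dstports=%s\n' \
            "$qube" "$ip" "$port"
    done
}

# Constructed dig output (documentation addresses), including a CNAME line
# and a duplicate, as round-robin answers often contain.
sample_answer() {
    printf '%s\n' 'mail-lb.example.net.' '192.0.2.11' '192.0.2.10' '192.0.2.11'
}

if [ "$#" -ge 3 ]; then
    # Live use: ./allow.sh QUBE PORT HOST...   (prints commands, runs nothing)
    qube=$1; port=$2; shift 2
    for host in "$@"; do
        dig +short A "$host"
    done | ipv4_only | emit_rules "$qube" "$port"
else
    # No arguments: run on the constructed sample so the script works offline.
    sample_answer | ipv4_only | emit_rules mail 993
fi
```

The printed rules only stay correct while the provider's DNS answers stay the same, so the list needs regenerating when the records change.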


Re: [qubes-users] How find out addresses to limit outgoing connections

2018-01-01 Thread Andrew David Wong
On 2017-12-29 21:55, Stumpy wrote:
> I read some posts about firewalls etc but haven't been able to 
> find/limit outgoing connections. I have tried to add domains which 
> seems to have worked (minus a bug or two) but I can't seem to 
> figure out all the domains I need to list.
> 
> example, I use a gmail account, I tried adding say gmail.com and 
> google.com to the list of accepted connections but it still doesn't
> work. I assume there are other domains I need to add but I can't
> figure out how to see what they are. I tried tcpdump and installed
> iptraf in the vm but they strangely don't even show email, just
> amazon aws, akamaitechnolog, and ???.1e100.net but then I tried
> installing umatrix in chrome and it shows various other domains
> (quite a few actually).
> 
> Also, when I try to add domains the firewall window gives me an 
> error port number or service is invalid, but I selected "any" for 
> service and ports? And after adding whatever domains the first
> time and saving/clicking ok, when I try to go back in to further 
> add/modify the firewall I get the error "firewall has been
> modified manually - please use qvm-firewall for any further
> configuration." I haven't had much luck using qvm-firewall beyond
> just the list option.
> 
> In the end, I want to have say a VM for email, where the firewall 
> blocks everything but access to the email service, and do the same 
> for my "banking VM" or "bitcoin wallet vm"
> 
> I'm at a bit of a loss so would be grateful for help.
> 

Take a look at this thread:

https://groups.google.com/d/topic/qubes-users/fSiFkQeoqGE/discussion

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

