/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changing firewall rules doesn't affect established connections #1717

Closed
kirill9000 opened this Issue Feb 2, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@kirill9000 @marmarek
@kirill9000

kirill9000 commented Feb 2, 2016

I.e.: 1) start downloading something in AppVM, 2) go to VM Manager and change AppVM's firewall rules to "Deny" with no exceptions, 3) download continues.
That's because of "global" allowing rule in FirewallVM: -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Maybe it should be split to per-AppVM rules?

@marmarek marmarek referenced this issue Feb 2, 2016

Closed

Qubes Firewall - Add rules to QBS-prefixed chain #974

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Feb 2, 2016

Member

It looks like a duplicate of #974 and feature discussed in https://groups.google.com/d/msgid/qubes-devel/20160114163808.GW4892%40mail-itl
But generally - the ultimate way for cutting a VM from the network, is setting its "netvm" to "none".
Member

marmarek commented Feb 2, 2016

It looks like a duplicate of #974 and feature discussed in https://groups.google.com/d/msgid/qubes-devel/20160114163808.GW4892%40mail-itl
But generally - the ultimate way for cutting a VM from the network, is setting its "netvm" to "none".

@marmarek marmarek closed this Feb 2, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment