Allow editing firewall rules for multiple VMs simultaneously

[andrewdavidwong]

On 2016-06-30 14:15, grzegorz...@....com wrote:

Preamble Qubes OS offers an option to restrict network traffic within
a VM to a specific address/domain/website which is a very useful
feature as it allows the user to control networking within VMs.

Issue However if the user wants to be 100% sure only the dedicated VM
can access a specific web resource, they need not only to allow the
dedicated VM access to a said resource, they also need to deny access
to said resource for every other VM they use. As the number of VMs
grow larger this task will get more and more mundane.

Suggestion Allow users to apply firewall rules to several VMs at
once. This mechanism could be implemented either in Qubes Manager GUI
or as a separate GUI application.

Sample options

Make exclusive - allowing access to a specific resource automatically
denies access to said resource for all other VMs except for the
system VMs

Apply to all - allowing access to a specific resource grants all
other VMs access to said resource

Apply to selected - additional checkbox would appear in QM allowing
the user to select VMs to which the rule would apply

Apply to all from the same TemplateVM - self-explanatory

I believe such a feature would greatly improve the efficiency as well
as minimize the risk of user error.

Full thread