Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upqubes-firewall service should policy only outgoing VM traffic #3644
Comments
marmarek
added
bug
C: core
C: templates
P: minor
labels
Mar 1, 2018
marmarek
added this to the Release 4.0 milestone
Mar 1, 2018
marmarek
self-assigned this
Mar 1, 2018
marmarek
referenced this issue
in QubesOS/qubes-doc
Mar 1, 2018
Merged
Update firewall.md documentation #605
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
yonjah
Mar 26, 2018
@marmarek is there any explanation on how to get inter-VM networking working in R4.0 ?
Documentation update seem to only apply for external communication and as much as I tried getting nftables configuration right I can only get pings going but nothing else
yonjah
commented
Mar 26, 2018
|
@marmarek is there any explanation on how to get inter-VM networking working in R4.0 ? |
andrewdavidwong
modified the milestones:
Release 4.0,
Release 4.0 updates
Mar 31, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Apr 2, 2018
Member
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes should work (no need for manual nftables rules).
If you set restrictive firewall rules in qube settings (firewall tab), you need to also allow traffic there.
|
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes should work (no need for manual nftables rules). |
added a commit
to marmarek/qubes-core-agent-linux
that referenced
this issue
Apr 2, 2018
added a commit
to marmarek/qubes-core-agent-linux
that referenced
this issue
Apr 3, 2018
marmarek
referenced this issue
in QubesOS/qubes-core-agent-linux
Apr 3, 2018
Merged
Network fixes #107
marmarek
closed this
in
QubesOS/qubes-core-agent-linux#107
Apr 6, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Apr 21, 2018
Automated announcement from builder-github
The component core-agent-linux (including package python2-dnf-plugins-qubes-hooks-4.0.25-1.fc26) has been pushed to the r4.0 testing repository for the Fedora template.
To test this update, please install it with the following command:
sudo yum update --enablerepo=qubes-vm-r4.0-current-testing
qubesos-bot
commented
Apr 21, 2018
|
Automated announcement from builder-github The component |
qubesos-bot
added
the
r4.0-fc26-cur-test
label
Apr 21, 2018
qubesos-bot
referenced this issue
in QubesOS/updates-status
Apr 21, 2018
Closed
core-agent-linux v4.0.25 (r4.0) #487
qubesos-bot
added
r4.0-buster-cur-test
r4.0-jessie-cur-test
labels
Apr 21, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Apr 21, 2018
Automated announcement from builder-github
The package qubes-core-agent_4.0.25-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing (or appropriate equivalent for your template version), then use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
qubesos-bot
commented
Apr 21, 2018
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-stretch-cur-test
label
Apr 21, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
May 2, 2018
Automated announcement from builder-github
The package core-agent-linux has been pushed to the r4.0 testing repository for the CentOS centos7 template.
To test this update, please install it with the following command:
sudo yum update --enablerepo=qubes-vm-r4.0-current-testing
qubesos-bot
commented
May 2, 2018
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-centos7-cur-test
label
May 2, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
May 21, 2018
Automated announcement from builder-github
The component core-agent-linux (including package python2-dnf-plugins-qubes-hooks-4.0.28-1.fc26) has been pushed to the r4.0 stable repository for the Fedora template.
To install this update, please use the standard update command:
sudo yum update
qubesos-bot
commented
May 21, 2018
|
Automated announcement from builder-github The component |
qubesos-bot
added
r4.0-fc26-stable
and removed
r4.0-fc26-cur-test
labels
May 21, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
May 21, 2018
Automated announcement from builder-github
The package core-agent-linux has been pushed to the r4.0 stable repository for the Fedora centos7 template.
To install this update, please use the standard update command:
sudo yum update
qubesos-bot
commented
May 21, 2018
|
Automated announcement from builder-github The package |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
May 21, 2018
Automated announcement from builder-github
The package qubes-core-agent_4.0.28-1+deb9u1 has been pushed to the r4.0 stable repository for the Debian template.
To install this update, please use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
qubesos-bot
commented
May 21, 2018
|
Automated announcement from builder-github The package |
marmarek commentedMar 1, 2018
Qubes OS version:
R4.0
qubes-firewall service is designed to policy outgoing traffic from VMs. This is also the only part that can be configured in it (the traffic rules are assigned to source address). Currently it blocks any traffic not explicitly allowed by per-VM rules. This makes inter-VM networking harder to configure. Especially when the service use nftables instead of iptables.