mirror of
https://github.com/Qubes-Community/Contents.git
synced 2024-12-22 21:59:26 -05:00
Create mirage-firewall.md
Initial Version
This commit is contained in:
parent
66a749ad90
commit
a07aed668f
51
docs/customization/mirage-firewall.md
Normal file
51
docs/customization/mirage-firewall.md
Normal file
@ -0,0 +1,51 @@
|
||||
Mirage Firewall
|
||||
===============
|
||||
|
||||
A unikernel firewall for Qubes OS.
|
||||
This site will help collecting information about the mirage firewall, an interesting project from "talex5".
|
||||
|
||||
To learn more about the Mirage Firewall, please make sure to read
|
||||
|
||||
- https://github.com/mirage/qubes-mirage-firewall
|
||||
- https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md
|
||||
|
||||
The Mirage Firewall for Qubes OS is a low ressource firewall, which uses a much smaller footprint
|
||||
compared to the default ("fat") sys-firewall.
|
||||
|
||||
This page is only to write down how to build the mirage firewall for Qubes OS.
|
||||
Please make sure to read the above links to understand more about it.
|
||||
|
||||
Build process on Qubes 4
|
||||
========================
|
||||
```
|
||||
# create a new template VM
|
||||
qvm-clone fedora-29-minimal t-fedora-29-mirage
|
||||
|
||||
# Resize private disk to 10 GB
|
||||
qvm-volume extend t-fedora-29-mirage:private 10GB
|
||||
|
||||
# Create a symbolic link to safe docker into the home directory
|
||||
qvm-run --auto --user root --pass-io --no-gui \
|
||||
'ln -s /var/lib/docker /home/user/docker'
|
||||
|
||||
# Install docker and git
|
||||
qvm-run --user root --pass-io --no-gui \
|
||||
'dnf -y install docker git'
|
||||
|
||||
# To get networking in the template VM
|
||||
qvm-run --auto --user root --pass-io --no-gui \
|
||||
'dnf install qubes-core-agent-networking'
|
||||
qvm-shutdown --wait t-fedora-29-mirage
|
||||
qvm-prefs t-fedora-29-mirage sys-firewall
|
||||
qvm-start t-fedora-29-mirage
|
||||
|
||||
# Launch docker
|
||||
qvm-run --user root --pass-io --no-gui \
|
||||
'systemctl start docker'
|
||||
|
||||
# Download and build mirage for qubes
|
||||
qvm-run --user root --pass-io --no-gui \
|
||||
'cd /home/user && \
|
||||
git clone https://github.com/mirage/qubes-mirage-firewall.git && \'
|
||||
cd qubes-mirage-firewall && \
|
||||
./build-with-docker.sh'
|
Loading…
Reference in New Issue
Block a user