qubes-doc/reference/tools/3.2/dom0/qvm-firewall.md

---
layout: doc
title: qvm-firewall
permalink: /doc/tools/3.2/dom0/qvm-firewall/
redirect_from:
- /doc/dom0-tools/qvm-firewall/
- /en/doc/dom0-tools/qvm-firewall/
- /doc/Dom0Tools/QvmFirewall/
- /wiki/Dom0Tools/QvmFirewall/
---

```
============
qvm-firewall
============

NAME
====
qvm-firewall - manage VM's firewall rules

SYNOPSIS
========
| qvm-firewall [-n] <vm-name> [action] [rule spec]

Rule specification can be one of:
    1. address|hostname[/netmask] tcp|udp port[-port]
    2. address|hostname[/netmask] tcp|udp service_name
    3. address|hostname[/netmask] any

OPTIONS
=======
-h, --help
    Show this help message and exit
-l, --list
    List firewall settings (default action)
-a, --add
    Add rule
-d, --del
    Remove rule (given by number or by rule spec)
-P SET_POLICY, --policy=SET_POLICY
    Set firewall policy (allow/deny)
-i SET_ICMP, --icmp=SET_ICMP
    Set ICMP access (allow/deny)
-D SET_DNS, --dns=SET_DNS
    Set DNS access (allow/deny)
-Y SET_YUM_PROXY, --yum-proxy=SET_YUM_PROXY
    Set access to Qubes yum proxy (allow/deny).
    *Note:* if set to "deny", access will be rejected even if policy set to "allow"
-r, --reload
    Reload firewall (implied by any change action)
-n, --numeric
    Display port numbers instead of services (makes sense only with --list)
--force-root
    Force to run, even with root privileges

AUTHORS
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
```
Dom0Tools/QvmFirewall changed 2012-05-14 09:55:11 -04:00			`---`
wiki -> doc migration 2015-04-10 16:17:45 -04:00			`layout: doc`
Update page titles from CamelCase to lowercase-hyphen-separated (closes QubesOS/qubes-issues#1205) 2015-10-13 23:31:03 -04:00			`title: qvm-firewall`
Reorganize and update CLI tool references pages for 4.0 Requested by: QubesOS/qubes-issues#3495 Requests: QubesOS/qubes-issues#3538 2018-02-04 18:32:30 -05:00			`permalink: /doc/tools/3.2/dom0/qvm-firewall/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`redirect_from:`
Reorganize and update CLI tool references pages for 4.0 Requested by: QubesOS/qubes-issues#3495 Requests: QubesOS/qubes-issues#3538 2018-02-04 18:32:30 -05:00			`- /doc/dom0-tools/qvm-firewall/`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`- /en/doc/dom0-tools/qvm-firewall/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`- /doc/Dom0Tools/QvmFirewall/`
			`- /wiki/Dom0Tools/QvmFirewall/`
Dom0Tools/QvmFirewall changed 2012-05-14 09:55:11 -04:00			`---`

Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			```
			`============`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 13:24:29 -04:00			`qvm-firewall`
			`============`

			`NAME`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			`====`
			`qvm-firewall - manage VM's firewall rules`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 13:24:29 -04:00
			`SYNOPSIS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			`========`
			`\| qvm-firewall [-n] <vm-name> [action] [rule spec]`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 13:24:29 -04:00
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			`Rule specification can be one of:`
			`1. address\|hostname[/netmask] tcp\|udp port[-port]`
			`2. address\|hostname[/netmask] tcp\|udp service_name`
			`3. address\|hostname[/netmask] any`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 13:24:29 -04:00
			`OPTIONS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			`=======`
			`-h, --help`
			`Show this help message and exit`
			`-l, --list`
			`List firewall settings (default action)`
			`-a, --add`
			`Add rule`
			`-d, --del`
			`Remove rule (given by number or by rule spec)`
			`-P SET_POLICY, --policy=SET_POLICY`
			`Set firewall policy (allow/deny)`
			`-i SET_ICMP, --icmp=SET_ICMP`
			`Set ICMP access (allow/deny)`
			`-D SET_DNS, --dns=SET_DNS`
			`Set DNS access (allow/deny)`
			`-Y SET_YUM_PROXY, --yum-proxy=SET_YUM_PROXY`
			`Set access to Qubes yum proxy (allow/deny).`
			`Note: if set to "deny", access will be rejected even if policy set to "allow"`
			`-r, --reload`
			`Reload firewall (implied by any change action)`
			`-n, --numeric`
			`Display port numbers instead of services (makes sense only with --list)`
			`--force-root`
			`Force to run, even with root privileges`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 13:24:29 -04:00
			`AUTHORS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 20:15:10 -05:00			`=======`
			`\| Joanna Rutkowska <joanna at invisiblethingslab dot com>`
			`\| Rafal Wojtczuk <rafal at invisiblethingslab dot com>`
			`\| Marek Marczykowski <marmarek at invisiblethingslab dot com>`
			```