qubes-doc/reference/tools/3.2/dom0/qvm-firewall.md

---
layout: doc
title: qvm-firewall
permalink: /doc/tools/3.2/dom0/qvm-firewall/
redirect_from:
- /doc/dom0-tools/qvm-firewall/
- /en/doc/dom0-tools/qvm-firewall/
- /doc/Dom0Tools/QvmFirewall/
- /wiki/Dom0Tools/QvmFirewall/
---

```
============
qvm-firewall
============

NAME
====
qvm-firewall - manage VM's firewall rules

SYNOPSIS
========
| qvm-firewall [-n] <vm-name> [action] [rule spec]

Rule specification can be one of:
    1. address|hostname[/netmask] tcp|udp port[-port]
    2. address|hostname[/netmask] tcp|udp service_name
    3. address|hostname[/netmask] any

OPTIONS
=======
-h, --help
    Show this help message and exit
-l, --list
    List firewall settings (default action)
-a, --add
    Add rule
-d, --del
    Remove rule (given by number or by rule spec)
-P SET_POLICY, --policy=SET_POLICY
    Set firewall policy (allow/deny)
-i SET_ICMP, --icmp=SET_ICMP
    Set ICMP access (allow/deny)
-D SET_DNS, --dns=SET_DNS
    Set DNS access (allow/deny)
-Y SET_YUM_PROXY, --yum-proxy=SET_YUM_PROXY
    Set access to Qubes yum proxy (allow/deny).
    *Note:* if set to "deny", access will be rejected even if policy set to "allow"
-r, --reload
    Reload firewall (implied by any change action)
-n, --numeric
    Display port numbers instead of services (makes sense only with --list)
--force-root
    Force to run, even with root privileges

AUTHORS
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
```

-----

**Note:** The Markdown source of this page in [`qubes-doc`] was generated by running the [`update-manpages-3-2`] script on `qubes-core-admin/doc/qvm-tools/`.
If you wish to update the contents of this page as it appears on the Qubes OS website, please submit a pull request to change the appropriate file in `qubes-core-admin/doc/qvm-tools/`.
Do not attempt to change the Markdown source of this page in [`qubes-doc`] directly.
All direct changes to the Markdown file will be overwritten the next time this page is regenerated.

[`qubes-doc`]: https://github.com/QubesOS/qubes-doc/
[`update-manpages-3-2`]: https://github.com/QubesOS/qubesos.github.io/blob/master/_utils/update-manpages-3-2
Dom0Tools/QvmFirewall changed 2012-05-14 13:55:11 +00:00			`---`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`layout: doc`
Update page titles from CamelCase to lowercase-hyphen-separated (closes QubesOS/qubes-issues#1205) 2015-10-14 03:31:03 +00:00			`title: qvm-firewall`
Reorganize and update CLI tool references pages for 4.0 Requested by: QubesOS/qubes-issues#3495 Requests: QubesOS/qubes-issues#3538 2018-02-04 17:32:30 -06:00			`permalink: /doc/tools/3.2/dom0/qvm-firewall/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 07:04:59 +00:00			`redirect_from:`
Reorganize and update CLI tool references pages for 4.0 Requested by: QubesOS/qubes-issues#3495 Requests: QubesOS/qubes-issues#3538 2018-02-04 17:32:30 -06:00			`- /doc/dom0-tools/qvm-firewall/`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 22:14:40 +00:00			`- /en/doc/dom0-tools/qvm-firewall/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 07:04:59 +00:00			`- /doc/Dom0Tools/QvmFirewall/`
			`- /wiki/Dom0Tools/QvmFirewall/`
Dom0Tools/QvmFirewall changed 2012-05-14 13:55:11 +00:00			`---`

Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			```
			`============`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 17:24:29 +00:00			`qvm-firewall`
			`============`

			`NAME`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			`====`
			`qvm-firewall - manage VM's firewall rules`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 17:24:29 +00:00
			`SYNOPSIS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			`========`
			`\| qvm-firewall [-n] <vm-name> [action] [rule spec]`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 17:24:29 +00:00
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			`Rule specification can be one of:`
			`1. address\|hostname[/netmask] tcp\|udp port[-port]`
			`2. address\|hostname[/netmask] tcp\|udp service_name`
			`3. address\|hostname[/netmask] any`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 17:24:29 +00:00
			`OPTIONS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			`=======`
			`-h, --help`
			`Show this help message and exit`
			`-l, --list`
			`List firewall settings (default action)`
			`-a, --add`
			`Add rule`
			`-d, --del`
			`Remove rule (given by number or by rule spec)`
			`-P SET_POLICY, --policy=SET_POLICY`
			`Set firewall policy (allow/deny)`
			`-i SET_ICMP, --icmp=SET_ICMP`
			`Set ICMP access (allow/deny)`
			`-D SET_DNS, --dns=SET_DNS`
			`Set DNS access (allow/deny)`
			`-Y SET_YUM_PROXY, --yum-proxy=SET_YUM_PROXY`
			`Set access to Qubes yum proxy (allow/deny).`
			`Note: if set to "deny", access will be rejected even if policy set to "allow"`
			`-r, --reload`
			`Reload firewall (implied by any change action)`
			`-n, --numeric`
			`Display port numbers instead of services (makes sense only with --list)`
			`--force-root`
			`Force to run, even with root privileges`
Import documentation converted with pandoc -f rst -t markdown_github and README.md from qubes-app-linux-tor 2015-05-05 17:24:29 +00:00
			`AUTHORS`
Update Qubes 3.2 man pages Requested by : QubesOS/qubes-issues#3538 Related to : QubesOS/qubes-issues#3495 2018-02-11 19:15:10 -06:00			`=======`
			`\| Joanna Rutkowska <joanna at invisiblethingslab dot com>`
			`\| Rafal Wojtczuk <rafal at invisiblethingslab dot com>`
			`\| Marek Marczykowski <marmarek at invisiblethingslab dot com>`
			```
Add notes below man pages explaining how to edit them 2018-02-11 23:37:47 -06:00
			`-----`

Update Qubes 3.2 man pages to follow doc guidelines QubesOS/qubes-issues#3538 2018-03-18 16:04:33 -05:00			Note: The Markdown source of this page in [`qubes-doc`] was generated by running the [`update-manpages-3-2`] script on `qubes-core-admin/doc/qvm-tools/`.
			If you wish to update the contents of this page as it appears on the Qubes OS website, please submit a pull request to change the appropriate file in `qubes-core-admin/doc/qvm-tools/`.
			Do not attempt to change the Markdown source of this page in [`qubes-doc`] directly.
			`All direct changes to the Markdown file will be overwritten the next time this page is regenerated.`
Add notes below man pages explaining how to edit them 2018-02-11 23:37:47 -06:00
			[`qubes-doc`]: https://github.com/QubesOS/qubes-doc/
Update Qubes 3.2 man pages to follow doc guidelines QubesOS/qubes-issues#3538 2018-03-18 16:04:33 -05:00			[`update-manpages-3-2`]: https://github.com/QubesOS/qubesos.github.io/blob/master/_utils/update-manpages-3-2
Add notes below man pages explaining how to edit them 2018-02-11 23:37:47 -06:00