From 09803e9e188c5b97122bb5a86142f5a2ec004b12 Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Sun, 5 Mar 2017 11:07:00 -0500 Subject: [PATCH] remove "TODO" Firewall and Proxy VM section or else link to existing content. --- system/networking.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/system/networking.md b/system/networking.md index d11bc5b8..6dcf2620 100644 --- a/system/networking.md +++ b/system/networking.md @@ -52,8 +52,3 @@ Note that in order to isolate `netvm` properly, the platform must support VTd an When using `netvm`, there is no network connectivity in dom0. This is the desired configuration - it eliminates all network-bourne attacks. Observe that dom0 is meant to be used for administrative tasks only, and (with one exception) they do not need network. Anything not related to system administration should be done in one of AppVMs. The above-mentioned exception is the system packages upgrade. Again, one must not install random applications in dom0, but there is a need to e.g. upgrade existing packages. While one may argue that the new packages could be downloaded on a separate machine and copied to dom0 via a pendrive, this solution has its own problems. Therefore, the advised method to temporarily grant network connectivity to dom0 is to use *qvm-dom0-network-via-netvm up* command. It will pause all running VMs (so that they can do no harm to dom0) and connect dom0 to netvm network just like another AppVM. Having completed package upgrade, execute *qvm-dom0-network-via-netvm down* to revert to the normal state. - -Firewall and Proxy VMs ----------------------- - -TODO