Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

QubesFirewall changed

Browse Source 
Qubes firewall description improvements
This commit is contained in:
Joanna Rutkowska 2013-01-01 12:26:47 +00:00
parent f00eff8546
commit 8bddb2331d
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
QubesFirewall.md
View File

@ -4,22 +4,26 @@ title: QubesFirewall
permalink: /wiki/QubesFirewall/
---
Using Quebes Firewall
=====================
How to edit rules
-----------------
In order to edit rules for a given domain, select this domain in the Qubes Manager and press the "policeman's helmet" button.
See the screenshot [here](http://www.qubes-os.org/files/screenshots/release-1-beta-1/snapshot25.png).
Note that if you specify a rule by DNS name it will be resolved to IP(s) *at the moment of applying the rules*, and not on the fly for each new connection. This means it will not work for serves using load balancing. More on this in the message quoted below.
Understanding Qubes networking and firewall
===========================================
Understanding firewalling in Qubes
----------------------------------
For now, see this message:
Every AppVM in Qubes is connected to the network via a FirewallVM, which is used to enforce network-level policies. By default there is one default Firewall VM, but the user is free to create more, if needed.
For more information, see the following:
- [https://groups.google.com/group/qubes-devel/browse\_thread/thread/9e231b0e14bf9d62](https://groups.google.com/group/qubes-devel/browse_thread/thread/9e231b0e14bf9d62)
- [http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html)
How to edit rules
-----------------
In order to edit rules for a given domain, select this domain in the Qubes Manager and press the "firewall" button:
[Screenshot]
Note that if you specify a rule by DNS name it will be resolved to IP(s) *at the moment of applying the rules*, and not on the fly for each new connection. This means it will not work for serves using load balancing. More on this in the message quoted below.
Alternatively, one can use the `qvm-firewall` command from Dom0 to edit the firewall rules by hand: