Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-26 22:37:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added ref to qubes-issues#3644 in firewall.md

Browse Source
This commit is contained in:
Alex Dubois 2018-03-01 06:07:08 +00:00 committed by GitHub
parent bdca061d21
commit a10e4fa900
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/firewall.md
View File

@ -182,7 +182,7 @@ network 192.168.x.0/24.
**1. Route packets from the outside world to the FirewallVM**
From a Terminal window in sys-net VM, take note of the 'Interface name' and
'IP address' on which you want to expose your service (i.e. eth0, 192.168.x.x)
'IP address' on which you want to expose your service (i.e. ens5, 192.168.x.x)
` ifconfig | grep -i cast `
@ -207,7 +207,7 @@ the service
> Note: If you want to expose the service on multiple interfaces, repeat the
steps described in part 1 for each interface
> Note: On Qubes R4, nftables is also used which imply that nft rules also need to be set. Qubes OS has defined a `qubes-firewall` table with a forward chain.
> Note: In Qubes R4, at the moment ([QubesOS/qubes-issues#3644](https://github.com/QubesOS/qubes-issues/issues/3644)), nftables is also used which imply that additional rules need to be set in a `qubes-firewall` nft table with a forward chain.
`nft add rule ip qubes-firewall forward meta iifname eth0 ip daddr 10.137.0.x tcp dport 443 ct state new counter accept`