Merge branch 'firewall-logs' of https://github.com/strugee/qubes-doc into strugee-firewall-logs

This commit is contained in:
Andrew David Wong 2019-09-15 16:24:23 -05:00
commit c2de80fe46
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -472,3 +472,9 @@ Where to put firewall rules
Implicit in the above example [scripts](/doc/config-files/), but worth calling attention to: for all qubes *except* AppVMs supplying networking, iptables commands should be added to the `/rw/config/rc.local` script.
For AppVMs supplying networking (`sys-firewall` inclusive), iptables commands should be added to `/rw/config/qubes-firewall-user-script`.
Firewall troubleshooting
------------------------
Firewall logs are stored in the systemd journal of the qube the firewall is running in (probably `sys-firewall`).
You can view them by running `sudo journalctl -u qubes-firewall.service` in the relevant qube.
Sometimes these logs can contain useful information about errors that are preventing the firewall from behaving as you would expect.