Add note about firewall logs for troubleshooting

Fixes QubesOS/qubes-issues#5270
This commit is contained in:
AJ Jordan 2019-08-29 11:51:12 -07:00
parent a9137e98cf
commit cda9e8a2fb
No known key found for this signature in database
GPG Key ID: 26794034633DBBC0

View File

@ -387,3 +387,9 @@ Where to put firewall rules
Implicit in the above example [scripts](/doc/config-files/), but worth calling attention to: for all qubes *except* AppVMs supplying networking, iptables commands should be added to the `/rw/config/rc.local` script.
For AppVMs supplying networking (`sys-firewall` inclusive), iptables commands should be added to `/rw/config/qubes-firewall-user-script`.
Firewall troubleshooting
------------------------
Firewall logs are stored in the systemd journal of the qube the firewall is running in (probably `sys-firewall`).
You can view them by running `sudo journalctl -u qubes-firewall.service` in the relevant qube.
Sometimes these logs can contain useful information about errors that are preventing the firewall from behaving as you would expect.