From e17c31da59144fd106948e4f7b8f11dde1cc2668 Mon Sep 17 00:00:00 2001 From: unman Date: Wed, 2 Jan 2019 11:57:04 +0000 Subject: [PATCH] Update Firewall.md Make it clear that limit on number of rules only applies prior to R4.0 --- security/firewall.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/firewall.md b/security/firewall.md index c2cac8d1..f9de369a 100644 --- a/security/firewall.md +++ b/security/firewall.md @@ -48,9 +48,10 @@ in that VM's directory in dom0: /var/lib/qubes/appvms//firewall.xml -Please note that there is a 3 kB limit to the size of the `iptables` script. +Please note that there is a 3 kB limit to the size of the `iptables` script in Qubes versions before R4.0. This equates to somewhere between 35 and 39 rules. If this limit is exceeded, the qube will not start. +The limit was removed in R4.0. It is possible to work around this limit by enforcing the rules on the qube itself by putting appropriate rules in `/rw/config`.
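Review bot: the trailing context sentence "It is possible to work around this limit by enforcing the rules on the qube itself" now directly follows the added "The limit was removed in R4.0." and still reads as applying to every release, so an R4.0 reader is told to work around a limit that the previous line says no longer exists. Either scope that sentence as well (for example "In versions before R4.0, it is possible to work around this limit ...") or move the added line below the workaround sentence so the pre-R4.0 material stays together. The same applies to "If this limit is exceeded, the qube will not start.", which sits between the two version-qualified sentences without a qualifier of its own. A smaller point: the subject says the limit is on the "number of rules", while the text defines it as a 3 kB limit on the script size with 35 to 39 rules as the consequence; the commit message would be more accurate using the same wording as the document.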