Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-04-25 09:29:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

add qubes 4 hints

Browse Source
This commit is contained in:
Mindy 2018-01-06 05:48:38 -06:00
parent aca156f21b
commit a1b2aadff1
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -32,18 +32,18 @@ If you want to deploy manually, unpack `mirage-firewall.tar.bz2` in dom0, inside
The tarball contains `vmlinuz`, which is the unikernel itself, plus a couple of dummy files that Qubes requires. The tarball contains `vmlinuz`, which is the unikernel itself, plus a couple of dummy files that Qubes requires.
To configure your new firewall using the Qubes Manager GUI: To configure your new firewall using the Qubes Manager GUI:
- Create a new ProxyVM named `mirage-firewall` to run the unikernel. - Create a new ProxyVM named `mirage-firewall` to run the unikernel. (In Qubes 4, do this via the `qubes-vm-create` GUI. Check "Provides Network" and uncheck "HVM".)
- You can use any template, and make it standalone or not. It doesnt matter, since we dont use the hard disk. - You can use any template, and make it standalone or not. It doesnt matter, since we dont use the hard disk.
- Set the type to `ProxyVM`. - Set the type to `ProxyVM`.
- Select `sys-net` for networking (not `sys-firewall`). - Select `sys-net` for networking (not `sys-firewall`).
- Click `OK` to create the VM. - Click `OK` to create the VM.
- Go to the VM settings, and look in the `Advanced` tab: - Go to the VM settings, and look in the `Advanced` tab:
- Set the kernel to `mirage-firewall`. - Set the kernel to `mirage-firewall`. (In Qubes 4, qvm-prefs --set vmname kernel mirage-firewall)
- Turn off memory balancing and set the memory to 32 MB or so (you might have to fight a bit with the Qubes GUI to get it this low). - Turn off memory balancing and set the memory to 32 MB or so (you might have to fight a bit with the Qubes GUI to get it this low). (Qubes 4: qvm-prefs --set vmname memory 20, qvm-prefs --set vmname maxmem 20)
- Set VCPUs (number of virtual CPUs) to 1. - Set VCPUs (number of virtual CPUs) to 1. (Qubes 4: qvm-prefs --set vmname vcpus 1)
You can run `mirage-firewall` alongside your existing `sys-firewall` and you can choose which AppVMs use which firewall using the GUI. You can run `mirage-firewall` alongside your existing `sys-firewall` and you can choose which AppVMs use which firewall using the GUI.
To configure an AppVM to use it, go to the app VM's settings in the GUI and change its `NetVM` from `default (sys-firewall)` to `mirage-firewall`. Alternatively, you can configure `mirage-firewall` to be your default firewall VM. To configure an AppVM to use it, go to the app VM's settings in the GUI and change its `NetVM` from `default (sys-firewall)` to `mirage-firewall`. Alternatively, you can configure `mirage-firewall` to be your default firewall VM. (Qubes 4: qvm-prefs --set mirageos netvm mirage-firewall)
For development, use the [test-mirage][] scripts to deploy the unikernel (`mir-qubes-firewall.xen`) from your development AppVM. e.g. For development, use the [test-mirage][] scripts to deploy the unikernel (`mir-qubes-firewall.xen`) from your development AppVM. e.g.