mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-10-01 01:05:39 -04:00
Add more detailed installation instructions
This commit is contained in:
parent
78f25ea2c5
commit
f4df389713
14
README.md
14
README.md
@ -30,6 +30,20 @@ If you want to deploy manually, unpack `mirage-firewall.tar.bz2` in dom0, inside
|
|||||||
[tal@dom0 vm-kernels]$ qvm-run -p dev 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
|
[tal@dom0 vm-kernels]$ qvm-run -p dev 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
|
||||||
|
|
||||||
The tarball contains `vmlinuz`, which is the unikernel itself, plus a couple of dummy files that Qubes requires.
|
The tarball contains `vmlinuz`, which is the unikernel itself, plus a couple of dummy files that Qubes requires.
|
||||||
|
To configure your new firewall using the Qubes Manager GUI:
|
||||||
|
|
||||||
|
- Create a new ProxyVM named `mirage-firewall` to run the unikernel.
|
||||||
|
- You can use any template, and make it standalone or not. It doesn’t matter, since we don’t use the hard disk.
|
||||||
|
- Set the type to `ProxyVM`.
|
||||||
|
- Select `sys-net` for networking (not `sys-firewall`).
|
||||||
|
- Click `OK` to create the VM.
|
||||||
|
- Go to the VM settings, and look in the `Advanced` tab:
|
||||||
|
- Set the kernel to `mirage-firewall`.
|
||||||
|
- Turn off memory balancing and set the memory to 20 MB or so (you might have to fight a bit with the Qubes GUI to get it this low).
|
||||||
|
- Set VCPUs (number of virtual CPUs) to 1.
|
||||||
|
|
||||||
|
You can run `mirage-firewall` alongside your existing `sys-firewall` and you can choose which AppVMs use which firewall using the GUI.
|
||||||
|
To configure an AppVM to use it, go to the app VM's settings in the GUI and change its `NetVM` from `default (sys-firewall)` to `mirage-firewall`. Alternatively, you can configure `mirage-firewall` to be your default firewall VM.
|
||||||
|
|
||||||
For development, use the [test-mirage][] scripts to deploy the unikernel (`mir-qubes-firewall.xen`) from your development AppVM. e.g.
|
For development, use the [test-mirage][] scripts to deploy the unikernel (`mir-qubes-firewall.xen`) from your development AppVM. e.g.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user