mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
51 lines
1.3 KiB
Markdown
51 lines
1.3 KiB
Markdown
|
# sys-firewall
|
||
|
|
|
||
|
|
Firewall in Qubes OS.
|
||
|
|
|
||
|
|
## Table of Contents
|
||
|
|
|
||
|
|
* [Description](#description)
|
||
|
|
* [Installation](#installation)
|
||
|
|
* [Usage](#usage)
|
||
|
|
|
||
|
|
## Description
|
||
|
|
|
||
|
|
Creates firewall qube, an App qube "sys-firewall" and a Disposable qube
|
||
|
|
"disp-sys-firewall". By default, "sys-firewall" will be the "updatevm" and the
|
||
|
|
"default_netvm", but you can configure "disp-sys-firewall" to take on these
|
||
|
|
roles if you prefer, later instructed in the installation section below.
|
||
|
|
|
||
|
|
If you want an easy to configure firewall with ad blocking, checkout
|
||
|
|
sys-pihole instead.
|
||
|
|
|
||
|
|
## Installation
|
||
|
|
|
||
|
|
- Top:
|
||
|
|
```sh
|
||
|
|
qubesctl top.enable sys-firewall
|
||
|
|
qubesctl --targets=tpl-sys-firewall state.apply
|
||
|
|
qubesctl top.disable sys-firewall
|
||
|
|
qubesctl state.apply sys-firewall.prefs
|
||
|
|
```
|
||
|
|
|
||
|
|
- State:
|
||
|
|
<!-- pkg:begin:post-install -->
|
||
|
|
```sh
|
||
|
|
qubesctl state.apply sys-firewall.create
|
||
|
|
qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install
|
||
|
|
qubesctl state.apply sys-firewall.prefs
|
||
|
|
```
|
||
|
|
<!-- pkg:end:post-install -->
|
||
|
|
|
||
|
|
Alternatively, if you prefer to have a disposable firewall:
|
||
|
|
```sh
|
||
|
|
qubesctl state.apply sys-firewall.prefs-disp
|
||
|
|
```
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
|
||
|
|
You should use this qube for handling updates and firewall downstream/client
|
||
|
|
qubes, in other words, enforce network policy to qubes that have
|
||
|
|
`sys-firewall` as its `netvm`. Read [upstream firewall
|
||
|
|
documentation](https://www.qubes-os.org/doc/firewall/).
|