mirror of
https://github.com/ben-grande/qusal.git
synced 2024-09-20 17:25:41 +00:00
| .. | ||
| clone.sls | ||
| clone.top | ||
| create.sls | ||
| create.top | ||
| init.top | ||
| install.sls | ||
| install.top | ||
| prefs-disp.sls | ||
| prefs-disp.top | ||
| prefs.sls | ||
| prefs.top | ||
| README.md | ||
sys-firewall
Firewall in Qubes OS.
Table of Contents
Description
Creates firewall qube, an App qube "sys-firewall" and a Disposable qube "disp-sys-firewall". By default, "sys-firewall" will be the "updatevm" and the "default_netvm", but you can configure "disp-sys-firewall" to take on these roles if you prefer, later instructed in the installation section below.
If you want an easy to configure firewall with ad blocking, checkout sys-pihole instead.
Installation
- Top:
qubesctl top.enable sys-firewall
qubesctl --targets=tpl-sys-firewall state.apply
qubesctl top.disable sys-firewall
qubesctl state.apply sys-firewall.prefs
- State:
qubesctl state.apply sys-firewall.create
qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install
qubesctl state.apply sys-firewall.prefs
Alternatively, if you prefer to have a disposable firewall:
qubesctl state.apply sys-firewall.prefs-disp
Usage
You should use this qube for handling updates and firewall downstream/client
qubes, in other words, enforce network policy to qubes that have
sys-firewall as its netvm. Read upstream firewall
documentation.