https://github.com/QubesOS/qubes-issues/issues/3556

> An idea: Debian doesn't have nftables installed by default, so
> qubes-firewall falls back to iptables. But not on Fedora - there nftables
> is used. This applies to both sys-net and sys-firewall.
> 
> A quick test:
> 
> 1. List rules:
> 
>     nft list table ip qubes-firewall
> 
> 2. Add rule accepting traffic from eth0:
> 
>     nft add rule ip qubes-firewall forward meta iifname eth0 accept
> 
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

That did it!
Thanks so much for the quick resolve.

These were my results from `nft list table ip qubes-firewall`:
```
table ip qubes-firewall {
        chain forward {
                type filter hook forward priority 0; policy drop;
                ct state established,related accept
                ip saddr 10.137.0.6 jump qbs-10-137-0-6
        }

        chain qbs-10-137-0-6 {
                accept
                drop
        }
}
```
`nft add rule ip qubes-firewall forward meta iifname eth0 accept`
adds `iifname eth0 accept` to the bottom of chain forward.

Is it intended that Fedora uses both iptables and nft?
Are there any security implications for allowing iifname eth0 accept (in my
case for fedora-26, ens5)?
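
The appended rule sits in the hooked `forward` chain and matches on input interface only, with no address, port or state condition. As an added example (not part of the original message or of Qubes code), this sketch parses `nft list table` output and flags such rules so a leftover test rule is easy to spot; the function names are illustrative and the sample ruleset is constructed from the listing above.

```python
import re

# Constructed sample: the listing from the message, with the appended rule at
# the bottom of chain forward as the message describes. Real `nft list` output
# may print the interface name in quotes; the pattern below accepts both.
SAMPLE = """\
table ip qubes-firewall {
        chain forward {
                type filter hook forward priority 0; policy drop;
                ct state established,related accept
                ip saddr 10.137.0.6 jump qbs-10-137-0-6
                iifname eth0 accept
        }
        chain qbs-10-137-0-6 {
                accept
                drop
        }
}
"""
# Selectors that narrow a rule to particular hosts, ports or connection state.
NARROWING = re.compile(r"\b(saddr|daddr|sport|dport|ct state)\b")
IFACE = re.compile(r'\b(iifname|oifname|iif|oif) "?([\w.-]+)"?')

def parse_chains(text):
    """Return {chain: {"hook": name or None, "rules": [rule, ...]}}."""
    chains, current = {}, None
    for line in map(str.strip, text.splitlines()):
        start = re.match(r"chain (\S+) \{", line)
        hook = re.match(r"type \w+ hook (\w+)", line)
        if start:
            current = chains.setdefault(start.group(1), {"hook": None, "rules": []})
        elif line == "}":
            current = None
        elif current is not None and hook:
            current["hook"] = hook.group(1)  # base chain: attached to a netfilter hook
        elif current is not None and line:
            current["rules"].append(line)
    return chains

def broad_accepts(text):
    """Flag rules in hooked (base) chains that accept on interface match alone."""
    findings = []
    for name, chain in parse_chains(text).items():
        for pos, rule in enumerate(chain["rules"], 1):
            iface = IFACE.search(rule)
            if (chain["hook"] and iface and rule.endswith("accept")
                    and not NARROWING.search(rule)):
                findings.append((name, pos, iface.group(2), rule))
    return findings
```

Feed it the text of `nft list table ip qubes-firewall`; each finding is `(chain, rule position, interface, rule text)`.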
