https://github.com/QubesOS/qubes-issues/issues/3556
> An idea: Debian doesn't have nftables installed by default, so
> qubes-firewall falls back to iptables. But not on Fedora - there nftables
> is used. This applies to both sys-net and sys-firewall.
>
> A quick test:
>
> 1. List rules:
>
>     nft list table ip qubes-firewall
>
> 2. Add rule accepting traffic from eth0:
>
>     nft add rule ip qubes-firewall forward meta iifname eth0 accept
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

That did it! Thanks so much for the quick resolve.

These were my results from `nft list table ip qubes-firewall`:

```
table ip qubes-firewall {
	chain forward {
		type filter hook forward priority 0; policy drop;
		ct state established,related accept
		ip saddr 10.137.0.6 jump qbs-10-137-0-6
	}

	chain qbs-10-137-0-6 {
		accept
		drop
	}
}
```

`nft add rule ip qubes-firewall forward meta iifname eth0 accept` adds `iifname eth0 accept` to the bottom of chain forward.

Is it intended that Fedora uses both iptables and nft?

Are there any security implications for allowing iifname eth0 accept (in my case for fedora-26, ens5)?
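The rule order in the listing above, walked through as an added example that is not part of the original thread or of Qubes OS code: a toy evaluator for the `qubes-firewall` table that compares verdicts before and after `iifname eth0 accept` is appended. The sample packets, the `vif*` interface names and the address 10.137.0.7 are constructed assumptions.

```python
# Toy evaluator for the single nftables table shown in the thread. Other tables
# hooked on forward (e.g. iptables rules) run separately and can still drop.
RULESET = {
    "forward": [
        ({"ct": {"established", "related"}}, "accept"),
        ({"saddr": {"10.137.0.6"}}, ("jump", "qbs-10-137-0-6")),
    ],
    "qbs-10-137-0-6": [({}, "accept"), ({}, "drop")],
}
POLICY = "drop"  # policy of the base chain "forward"


def with_added_rule(ruleset, iface="eth0"):
    """Ruleset after `nft add rule ip qubes-firewall forward meta iifname <iface> accept`."""
    new = {name: list(rules) for name, rules in ruleset.items()}
    new["forward"].append(({"iif": {iface}}, "accept"))  # lands at the bottom
    return new


def run_chain(ruleset, chain, pkt):
    """Return 'accept' or 'drop', or None if the chain ends without a verdict."""
    for match, action in ruleset[chain]:
        if all(pkt.get(field) in allowed for field, allowed in match.items()):
            if isinstance(action, tuple):  # jump; resume here if no verdict
                result = run_chain(ruleset, action[1], pkt)
                if result:
                    return result
            else:
                return action
    return None


def final_verdict(ruleset, pkt):
    return run_chain(ruleset, "forward", pkt) or POLICY


# Constructed sample packets (not taken from the thread).
PACKETS = {
    "reply from uplink": {"iif": "eth0", "saddr": "203.0.113.5", "ct": "established"},
    "new from uplink": {"iif": "eth0", "saddr": "203.0.113.5", "ct": "new"},
    "new from listed qube": {"iif": "vif7.0", "saddr": "10.137.0.6", "ct": "new"},
    "new from unlisted qube": {"iif": "vif8.0", "saddr": "10.137.0.7", "ct": "new"},
}


def changed_by_rule():
    """Names of sample packets whose verdict differs once the rule is added."""
    after = with_added_rule(RULESET)
    return {n for n, p in PACKETS.items() if final_verdict(RULESET, p) != final_verdict(after, p)}
```

In this model the only verdict that changes is for new, non-established traffic arriving on eth0, which the table previously left to `policy drop`.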