I have added new firewall rules to https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061/58 These rules need to be reviewed. I will do it myself when I have the chance but that will be in a few months. On Sunday, March 23rd, 2025 at 6:40 AM, skiinglasso2 <[email protected]> wrote:
> There's a bug in qubes-firewall.service. It should pull in and be ordered > before network-pre.target such that the firewall rules are guaranteed to be > in place before the network is raised. > > From man sytemd.special, > network-pre.target > This passive target unit may be pulled in by services that want to > run before any network is set up, for example for the purpose of > setting up a firewall. All network management software orders > itself after this target, but does not pull it in. > > From https://systemd.io/NETWORK_ONLINE/ > network-pre.target is used to order services before any network interfaces > start to be configured. Its primary purpose is for usage with firewall > services that want to establish a firewall before any network interface is > up. Services that want to be run before the network is configured should use > Before=network-pre.target and Wants=network-pre.target. > > I suggest applying this change so that people who are currently relying on > this popular guide > https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061 can > continue to do so without having to make modifications to systemd themselves. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/qubes-devel/EGFGDpCtbAdjO3fCM6mQrirP5Zn08791D6aDUZjuIEQ-jm-VJprf18xa8jbYPpX774-_WPo7yFAYnpfQjTX9BhdcZcMyflr-hck6LGs3jy8%3D%40proton.me.
