-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Jun 30, 2016 at 02:15:35PM -0700, grzegorz.chodzi...@gmail.com wrote: > > Preamble > Qubes OS offers an option to restrict network traffic within a VM to a > specific address/domain/website which is a very useful feature as it allows > the user to control networking within VMs. > > > Issue > However if the user wants to be 100% sure only the dedicated VM can access a > specific web resource, they need not only to allow the dedicated VM access to > a said resource, they also need to deny access to said resource for every > other VM they use. As the number of VMs grow larger this task will get more > and more mundane. > > Suggestion > Allow users to apply firewall rules to several VMs at once. This mechanism > could be implemented either in Qubes Manager GUI or as a separate GUI > application. > > Sample options > > Make exclusive - allowing access to a specific resource automatically denies > access to said resource for all other VMs except for the system VMs > > Apply to all - allowing access to a specific resource grants all other VMs > access to said resource > > Apply to selected - additional checkbox would appear in QM allowing the user > to select VMs to which the rule would apply > > Apply to all from the same TemplateVM - self-explanatory > > I believe such a feature would greatly improve the efficiency as well as > minimize the risk of user error.
Thanks for suggestion. But in practice we don't have resources to implement this (we have a lot of higher priority tasks). So either someone from the community would implement this, or no one.... That's said, it is already possible using command line interface and a simple script. For example: for vm in work-vm1 work-vm2 work-vm3; do qvm-firewall -a $vm corporate-server.com tcp https done - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXdhgGAAoJENuP0xzK19csISgH/0J0XKwKe11Phn1Z1ZwuMuAR t2wOj/Icc8g4hIgypYMPuEMiivjArw6scCEoLRTIqDVFlO01tGwkdTomb/Nkah87 n/dI37/dVn83KOz4k58Oo3El/EDJxZYk3EiRb7eZa0XhZ03GzskYVkDXuqjdAqDB jAjKVWD8XqMOmfv67ZoFmkvFaJjZF56/JcGHCdiFMl3bwy+ForO78VG8Qo+lChmG 0Qmp9sK0hcx6QZzBhfeu+1ZCvANqXPzD7v/sPTNgie9Ivd14pMVvHSOwItYsJNng ufwPepGdPcO1hp2YAu1TPYPekbtAyZuHI2irDpxJFSPVHqv5SxXnj8yg9fqzJr4= =b4EL -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160701071309.GR1323%40mail-itl. For more options, visit https://groups.google.com/d/optout.