On 07/25/2016 10:40 PM, R.B. wrote:
On 07/25/2016 09:31 PM, Franz wrote:


On Mon, Jul 25, 2016 at 3:20 PM, Marek Marczykowski-Górecki
<marma...@invisiblethingslab.com
<mailto:marma...@invisiblethingslab.com>> wrote:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On Mon, Jul 25, 2016 at 03:14:02PM -0300, Franz wrote:
    > On Mon, Jul 25, 2016 at 2:51 PM, Marek Marczykowski-Górecki <
    > marma...@invisiblethingslab.com
    <mailto:marma...@invisiblethingslab.com>> wrote:
    >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA256
    > >
    > > On Mon, Jul 25, 2016 at 02:46:55PM -0300, Franz wrote:
    > > > On Mon, Jul 25, 2016 at 1:24 PM, Marek Marczykowski-Górecki <
    > > > marma...@invisiblethingslab.com
    <mailto:marma...@invisiblethingslab.com>> wrote:
    > > > > On Mon, Jul 25, 2016 at 12:06:54PM -0300, Franz wrote:
    > > > > > On Mon, Jul 25, 2016 at 11:11 AM, Marek
Marczykowski-Górecki <
    > > > > > marma...@invisiblethingslab.com
    <mailto:marma...@invisiblethingslab.com>> wrote:
    > > > > > > On Mon, Jul 25, 2016 at 09:37:10AM -0400, Steve Coleman
    wrote:
    > > > > > Anyway regarding Marek script I tried it in a dispVM, it
    writes:
    > > > > > tcpdump: listening on eth0, link-type EN10MB (Ethernet),
    capture size
    > > > > > 262144 bytes
    > > > > >
    > > > > > but then if on the same dispVM I use firefox to go to a
gmail
    > > account or
    > > > > > another account, nothing appears on the terminal.
    > > > > >
    > > > > > I even looked if anything changed on dispVM firewall
    rules, but found
    > > > > > nothing different.
    > > > > >
    > > > > > So how is this script working?
    > > > >
    > > > > I've just tried and it is still working. It should output
    list of
    > > > > blocked destinations in format of qvm-firewall commands
    ready to load
    > > > > into Qubes firewall.
    > > > >
    > > > "blocked destinations"?  This makes me think that I should
block
    > > > destinations somehow before running the script. Is that so?
    > >
    > > Yes, change VM firewall to deny by default.
    > >
    > >
    > ok now it works, it outputted a list of addresses. But I have to
    paste this
    > list on firewall rules of that VM and this is on Qubes Manager
    that is on
    > Dom0, so normal copy paste between VMs does not work.
    >
    > I can only imagine of writing the addresses on a text file, then
    copying
    > the file to Dom0, using
    >
    > qvm-run --pass-io <src-vm> 'cat /path/to/file_in_src_domain' >
    > /path/to/file_name_in_dom0
    >
    > opening the file in Dom0 (which seems half prohibited) and finally
    copying
    > the addresses to Qubes Manager.
    >
    > Otherwise I'll have to type the addresses manually into Qubes
    > Manager.
    >
    > Which is the suggested way to do that?

    Personally I do something like:
    qvm-run --pass-io <src-vm> 'cat output-of-that-command'


After much trying I am unable to figure out how to get this command
working. If anybody can give an example, I would appreciate it.
Best
Fran

Hi Franz,

The way I use it:

- Make sure Marek's perl script is in the vm you want to monitor.
Preferably in /home/user.
- Make sure the firewall is set to "Deny network access except..." by
default.
- Open a terminal in Dom0.
- Enter the command:
  qvm-run --pass-io YourVM 'sudo tcpdump -vni eth0 port 53 or icmp | perl ./firewall-learn.pl'

- Run your program you want to monitor.
- Select the rules you think you need the program to run properly and
copy/paste them to another terminal in Dom0.

A few things I'm unsure about:
- a check at ICMP?
- a check at DNS?
- is using this perl script via qvm-run considered safe?

Have fun and thanks Marek for your script! Just what I needed!

Greetings,

RB

I'll answer one of my own questions:
DNS has to be checked if you want to filter on names instead of IP addresses.

I noticed there can be some delay between the action in the browser and the result in the terminal.

Greetings,

RB
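As an added illustration of what the "learn" step in the procedure above has to do (this is not Marek's firewall-learn.pl, whose source is not in this thread), here is a small Python parser that reads the kind of output `tcpdump -vni eth0 port 53 or icmp` produces in a deny-by-default VM and emits allow rules in an assumed `qvm-firewall <vm> -a <host> <proto> <port>` form. The sample capture, the exact tcpdump line layout and the qvm-firewall syntax are all assumptions here; check them against your Qubes version before pasting anything into dom0.

```python
import re

# Constructed sample of what tcpdump could print in a deny-by-default AppVM
# (not real captured output): the DNS answer for a name the program looked up,
# then the ICMP rejects the firewall sent back when the program tried to
# connect, each followed by tcpdump's echo of the rejected inner packet.
SAMPLE_CAPTURE = """\
10.137.2.5.40213 > 10.137.2.1.53: 51244+ A? mail.example.com. (34)
10.137.2.1.53 > 10.137.2.5.40213: 51244 1/0/0 mail.example.com. A 203.0.113.7 (50)
10.137.2.1 > 10.137.2.5: ICMP host 203.0.113.7 unreachable - admin prohibited, length 68
    10.137.2.5.44321 > 203.0.113.7.993: Flags [S], seq 1, win 29200, length 0
10.137.2.1 > 10.137.2.5: ICMP host 198.51.100.9 unreachable - admin prohibited, length 68
    10.137.2.5.51001 > 198.51.100.9.123: UDP, length 48
10.137.2.1 > 10.137.2.5: ICMP host 203.0.113.7 unreachable - admin prohibited, length 68
    10.137.2.5.44322 > 203.0.113.7.993: Flags [S], seq 2, win 29200, length 0
"""

# Assumed line shapes: a DNS answer from port 53 carrying "name. A ip",
# an ICMP unreachable naming the rejected host, and the echoed inner packet.
DNS_ANSWER = re.compile(r"\.53 > .*? (\S+?)\.? A (\d+(?:\.\d+){3})\b")
ICMP_REJECT = re.compile(r"ICMP host (\d+(?:\.\d+){3}) unreachable")
INNER_PACKET = re.compile(r"> (\d+(?:\.\d+){3})\.(\d+): (Flags|UDP)")


def learn_rules(capture, vm="YourVM"):
    """Turn a capture into de-duplicated qvm-firewall add commands (assumed syntax).

    Where a DNS answer mapped a name to the blocked address, the name is used
    instead of the raw IP, which is why the DNS traffic is captured at all.
    """
    names = {}      # resolved IP -> hostname, learned from DNS answers
    blocked = []    # (host, proto, port) in first-seen order, without duplicates
    pending = None  # IP from the last ICMP reject, waiting for its inner packet
    for line in capture.splitlines():
        m = DNS_ANSWER.search(line)
        if m:
            names[m.group(2)] = m.group(1)
            continue
        m = ICMP_REJECT.search(line)
        if m:
            pending = m.group(1)
            continue
        m = INNER_PACKET.search(line)
        if m and pending == m.group(1):
            proto = "tcp" if m.group(3) == "Flags" else "udp"
            rule = (names.get(pending, pending), proto, m.group(2))
            if rule not in blocked:
                blocked.append(rule)
            pending = None
    return [f"qvm-firewall {vm} -a {host} {proto} {port}" for host, proto, port in blocked]


if __name__ == "__main__":
    print("\n".join(learn_rules(SAMPLE_CAPTURE)))
```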
