On Sun, Sep 25, 2016 at 08:09:34AM +0200, Fabian Wloch wrote:
> > What is the purpose of sys-firewall..?
> >
> > I noticed that every App VM has its own "Firewall Rules" inside of VM
> > Settings.
> >
> > So therefore, what is the purpose of sys-firewall..?
> >
> > Thanks
>
> The reason I am aware of: VMs should not see each other. firewallVM allows
> them to see/connect to netVM, but not to other appVMs etc that are running.
> Also, if the netVM gets compromised over a bug in the network driver of your
> wifi/ethernet card, it only sees firewallVM and not your appVMs, on which
> may run services, which would increase the attack surface of your system.

Yes. And in addition to this, firewall rules set in VM settings are actually
enforced by sys-firewall. This means the VM itself has no control over its own
firewall rules - for example, it can't disable them.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?