Actually, I think that reliance on mangle can be avoided, since routing table selection can be done by source address rather than firewall marks. Marks are good to differentiate different types of traffic, but in our case all traffic should be treated the same. There is a difference in how traffic from the VPN VM is routed. This leads to two different attack vectors by a potentially compromised server. For the official solution, routing tables can be manipulated; for Rudd-O's tool, problems may arise from martian packets. Some thought needs to be given to proper firewalling.