On Thu, Mar 09, 2017 at 10:11:49PM +0100, evo wrote:
> 
> 
> On 03/09/2017 10:07 PM, Chris Laprise wrote:
> > On 03/09/2017 03:46 PM, evo wrote:
> >>
> >>
> >> On 03/09/2017 09:36 PM, Chris Laprise wrote:
> >>> On 03/09/2017 03:17 PM, evo wrote:
> >>>>
> >>>>
> >>>> On 03/09/2017 09:07 PM, Chris Laprise wrote:
> >>>>> On 03/09/2017 01:49 PM, evo wrote:
> >>>>>> Hey!
> >>>>>>
> >>>>>> i've written some rules to /rw/config/qubes-firewall-user-script and
> >>>>>> made it "sudo chmod +x /rw/config/qubes-firewall-user-script" but still
> >>>>>> have the problem with some connections i posted there.
> >>>>>>
> >>>>>> I made it in the VM, i use in that case.
> >>>>>>
> >>>>>> Here is one of the rules:
> >>>>>> iptables -I FORWARD -s (the IP of the VM i use) -d (the IP of the
> >>>>>> website with x.0.0.0/8) -p tcp --dport 443 -j ACCEPT
> >>>>>>
> >>>>>> some ideas?
> >>>>>>
> >>>>>
> >>>>> Does the rule show up when you 'iptables -L'? If so, that would indicate
> >>>>> the script is working. Also, you can add a line like 'touch
> >>>>> /rw/config/TEST' to see if the script is working.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> i've tested it on the Firewall-VM and i can see just the first rule i
> >>>> wrote, the others are not there.
> >>>>
> >>>
> >>> Seems to be a problem with iptables syntax. You can try running the
> >>> script manually to see if any errors are printed.
> >>>
> >>
> >> with sudo sh qubes-firewall-user-script comes nothing .. so it seems to
> >> have no problems..
> >>
> >> strange the lines were just copied from the first line, but just the
> >> first line is activated.
> >>
> > 
> > Adding '-vv' to the commands will make them verbose.
> > 
> 
> 
> with -vv it shows me the whole script in terminal.. without problems.
> 
> hmm... wait... do i need "iptables -I" just one time at the beginning?
> i think this is the mistake. i have it before every line.

Each line is evaluated separately, so you need the full command on each
line. 

There's nothing wrong with the line you quoted.
Post another line - one that you think isn't implemented, or better
still the whole of the file.

unman
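
The checks suggested in this thread (a full iptables command per rule, then confirming which rules actually loaded), as an added example that is not part of the original messages. The `IPT` and `LOG` variables, the `apply_rules` function and all addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: a diagnosable /rw/config/qubes-firewall-user-script.
# IPT and LOG are hypothetical knobs; the addresses are constructed samples.
IPT="${IPT:-iptables}"
LOG="${LOG:-/tmp/qubes-firewall-user-script.log}"

# One rule spec per line. Each line is turned into its own complete
# "iptables -I FORWARD ..." command, because every line is evaluated separately.
RULES='-s 10.137.2.10 -d 192.0.2.0/24 -p tcp --dport 443 -j ACCEPT
-s 10.137.2.10 -d 198.51.100.0/24 -p tcp --dport 443 -j ACCEPT
-s 10.137.2.10 -d 203.0.113.0/24 -p tcp --dport 443 -j ACCEPT'

# apply_rules: insert every rule, log the outcome of each one,
# and return the number of rules that could not be inserted.
apply_rules() {
    failed=0
    n=0
    while IFS= read -r spec; do
        [ -z "$spec" ] && continue
        n=$((n + 1))
        # $spec is deliberately unquoted so it splits into separate arguments.
        if $IPT -C FORWARD $spec 2>/dev/null; then
            echo "rule $n: already present" >>"$LOG"
        elif $IPT -I FORWARD $spec 2>>"$LOG"; then
            echo "rule $n: inserted" >>"$LOG"
        else
            # A failure here no longer goes unnoticed at boot time.
            echo "rule $n: FAILED: $spec" >>"$LOG"
            failed=$((failed + 1))
        fi
    done <<EOF
$RULES
EOF
    return "$failed"
}

# When deployed, make "apply_rules" the last line of the script.
```

After the script has run, the log shows which rule numbers were inserted and which failed, so a missing rule can be traced to its exact line.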
