On Wednesday, December 20, 2017 at 9:05:08 PM UTC, donoban wrote: > On 12/19/2017 08:05 PM, Thomas Leonard wrote: > > I'd like to announce the release of qubes-mirage-firewall 0.4: > > > > https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.4 > > > > This is a unikernel that can run as a QubesOS ProxyVM, replacing > > sys-firewall. It may be useful if you want something smaller or > > faster-to-start than the Linux-based sys-firewall, are worried about > > possible attacks against Linux's C net-front code, or just like playing > > with unikernels. > > > > Hi, > > I am thinking on testing it but I have no idea about unikernels and OCaml. > > If I'm not wrong you have to configure the rules for the firewall before > building the kernel image? Once you start it you have no way for change > rules?
Yes. With Qubes 4, it should be possible to update the rules at runtime from QubesDB (see https://github.com/talex5/qubes-mirage-firewall/issues/24), but that isn't implemented yet. > I don't know if I will have success with it and use it but thanks for > your effort. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90166ff3-11c3-4445-bb29-401e69c8ba63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
