On 3/8/19 3:28 PM, [email protected] wrote:
> I'm trying to set up an appvm like this:
>
> appvm -> appvm_firewall -> vpn -> vpn_firewall -> sys-net
>
> I want to tighten the firewall rules and do a deny policy. How can
> I get a log of dropped firewall packet logs from appvm_firewall or
> vpn_firewall? I've tried a few different iptables commands but I
> haven't really had any success.

Unfortunately, the Qubes firewall does not support any kind of custom rules, including logging. Moreover, it is using a mixed set of iptables and nftables, which makes it much more complicated.

I had a proposal about this exact issue before, by extending the action with the log type of rules, but as I do not have time to check and/or implement it, I guess it is just dropped.

Now if you want this feature, you have to replace the whole default firewall set, which is not trivial.

--
Zrubi
