On Wednesday, April 10, 2019 at 3:12:25 AM UTC+1, Sphere wrote:
> So I have now also boarded the mirage-firewall VM hype to replace 
> sys-firewall in order to take advantage of the very nice small memory 
> consumption of just 32 MB
> 
> After searching around I literally failed to find anything that could help me 
> know how I'm gonna edit rules.ml in the mirage-firewall VM
> 
> The VM as it is right now is running on fedora-29 and trying to launch 
> gnome-terminal/xterm in the VM using qvm-run returns with the error code that 
> I usually get when it doesn't recognize the command/command does not exist in 
> the VM at all
> 
> May I ask for any leads in getting through this?

mirage-firewall doesn't use a hard disk, so being based on the fedora-29 
template doesn't make any difference (it won't load anything from it). It's not 
Linux. There's no terminal, no graphics system, and no bash. Not even /bin/sh. 
In fact, there's no filesystem, so no "/" at all.

Commands are handled here: 
https://github.com/mirage/qubes-mirage-firewall/blob/master/command.ml - as you 
can (maybe) see, it only supports SetDateTime and WaitForSession commands by 
default.

To change the rules, you edit rules.ml, rebuild and redeploy (this should only 
take a couple of seconds after the first build).

Rules.from_client is an OCaml function that takes one argument giving 
information about an IP packet as input, and returns an action saying what to 
do about it. The type of this argument is specified in 
https://github.com/mirage/qubes-mirage-firewall/blob/master/packet.ml

To get a quick overview of OCaml syntax, try https://try.ocamlpro.com/
For lots of details: http://dev.realworldocaml.org/

I believe some people are planning to add support for reading the rules from 
QubesDB so you can instead configure the firewall interactively with the dom0 
GUI, like you can for sys-firewall. I'm not sure what the status of that work 
is, though.
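
An added sketch, not part of the original message and not the project's own code, of the shape described above: a function that takes one packet and returns an action. The types here are simplified, hypothetical stand-ins for the ones in the project's packet.ml, and the addresses are constructed sample values.

```ocaml
(* Simplified stand-in types (assumptions for illustration only; the real
   definitions are in the project's packet.ml and differ from these). *)
type host = Client of string | Firewall | External of string  (* string = IP as text *)
type proto = TCP of int | UDP of int | ICMP                   (* int = destination port *)
type packet = { dst : host; proto : proto }
type action = Accept | Drop of string                         (* the reason can be logged *)

(* One packet in, one action out. Patterns are tried top to bottom and the
   first match decides. There is no bare wildcard case, so if a new kind of
   destination is added to [host] the compiler reports the match as
   non-exhaustive instead of silently letting the traffic through. *)
let from_client (p : packet) : action =
  match p with
  | { dst = External _; proto = TCP (80 | 443) } -> Accept
  | { dst = External _; proto = UDP 53 } -> Accept
  | { dst = External _; _ } -> Drop "outbound port not on the allow-list"
  | { dst = Firewall; _ } -> Drop "packet addressed to the firewall itself"
  | { dst = Client _; _ } -> Drop "no traffic between client VMs"

let describe = function
  | Accept -> "accept"
  | Drop why -> "drop: " ^ why

let () =
  (* Constructed sample packets *)
  let samples = [
    { dst = External "93.184.216.34"; proto = TCP 443 };
    { dst = External "93.184.216.34"; proto = TCP 22 };
    { dst = Client "10.137.0.6"; proto = ICMP };
    { dst = Firewall; proto = UDP 53 };
  ] in
  List.iter (fun p -> print_endline (describe (from_client p))) samples
```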
