Hi, I created a sys-firewall based on debian-10-minimal:
* qvm-clone debian-10-minimal deb-10-sys-firewall * qvm-create --template deb-10-sys-firewall --label blue dvm-sys-firewall * qvm-prefs dvm-sys-firewall template_for_dispvms True * qvm-create --class DispVM --template dvm-sys-firewall --lable blue sys-firewall * qvm-prefs sys-firewall provides_network True * qvm-prefs sys-firewall netvm sys-net Then in deb-10-sys-firewall (template): * sudo apt-get install qubes-core-agent-networking qubes-core-agent-dom0-updates * attempting to install iproute tells me that this package no longer exists and I shall try iproute2 * iproute2 does exist and was already installed Then in dvm-sys-firewall (template for disposable): * added "iptables -I FORWARD 2 -s 10.137.0.21 -d 10.137.0.25 -j ACCEPT" to /rw/config/qubes-firewall-user-script Then shut everything down and started sys-firewall. Result: * network connectivity working * the above mentioned iptables rule is working (.21 can connect to .25) * qubes-qube-manager gives me this error when I try to edit the firewall rules of any qube connected to sys-firewall: "Networking qube does not support 'qubes-firewall' - firewall restrictions will not be applied." * however it does not give me this error when I try to edit other qubes connected to sys-whonix Any ideas? /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200204002930.GA959%40app-eml-private.
