lik...@gmx.de:
Hi!
Due to the current implementation/design of qubes firewall, it's hard to use domain names
for firewall rules, because of "static" DNS resolution:
https://github.com/QubesOS/qubes-issues/issues/5225
To find out the "connection wishes/tries" of an executable, what's the
recommendation to use them for firewall rules?
1. Let's assume all network access except DNS is restricted from a
AppVM. How can I find out which domains/IPs which executable is trying to
use/connect to?
2. What are you're best practices to find out all IPs for a domain to
white list them?
Best, P
1. netstat -pan, and/or tcpdump from somewhere networking isn't blocked.
Might have to watch DNS requests to see what it's attempting to resolve.
Don't know of a way to do it with networking disabled.
2. Check the vendor's documentation/KB.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2880b609-c97a-b4bc-27ed-d53c1a079f8c%40danwin1210.me.