On Wed, Jul 14, 2021 at 04:35:42PM +0000, Michael Singer wrote: > > On Wed, Jul 14, 2021 at 04:40:29, unman wrote: > > > Disable all unnecessary services in the qube - that means almost all of > > them. > > Where would you look for such services?
Look to see what's running in the template/qube. > > Would you let my Qube, which is supposed to connect to only one IP address on > the internet, be based on an extra firewall-vm? Would that more secure? You could do this: it would have one particular advantage, in that you could set custom rules in sys-net to restrict access from that sys-firewall to the specified IP address. > > In the Qube settings for the services there is the service > "disable-default-route". I have not found anything about what it does. In my > case, would it be better to leave it on or turn it off? > man qvm-service - this service will remove the default gateway entry. So a qube would be able to access immediate neighbours but not step beyond. It's not what you want here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210715115023.GG20432%40thirdeyesecurity.org.