Re: [qubes-users] Re: Amnesic QubesOS

[Jean-Philippe Ouellet]

On Tue, Feb 14, 2017 at 9:45 PM,   wrote:
> There is the option to use a disposable vm for everything if you want?

Note that the current implementation of DispVMs does not resist local forensics:
- https://www.qubes-os.org/doc/dispvm/#disposable-vms-and-local-forensics
- https://github.com/QubesOS/qubes-issues/issues/904
- https://groups.google.com/forum/#!topic/qubes-devel/QwL5PjqPs-4/discussion

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_BDZkVfjASbhqQiZy-TDEdc9FZBMek0vDrPZ5JLMXHJpQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to safely use Wireshark in Qubes?

[Chris Laprise]

On 02/14/2017 09:41 PM, raahe...@gmail.com wrote:


isn't tcpdump just as vulnerable though if not more?

I run things like that in sys-net since i consider it extremely untrusted, but 
if you have the resources or want only specific streams,  sure a separate 
template or seperate vm i would assume is more secure.


Since sys-net is untrusted, try using a proxyVM which should be much 
safer. At least it'll work for IP traffic.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/393b1269-3777-5608-cc39-983124c94ec6%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes not detecting Spidf audio out

[Nautilus Maximus]

Hi all,
I have qubes up and running, no real issues... well... except one. Qubes has 
detected my normal hardware audio out and my HDMI Audio out but it has not 
detected my Spidf out. This is a real deal breaker for me as I use an SMSL 
headphone amp with only one input "Spidf". My MB is a Ausrock 990 fx killer. 
All other linux distro's including fedora, ubuntu, Arch, Gentoo and puppy Linux 
can detect it. Is there any way to get this up and running Any tips and or 
advice would be appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c6f3bd68-2e7d-42ee-8401-f32a3ca58f3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM questions

[Chris Laprise]

On 02/14/2017 05:50 PM, j...@vfemail.net wrote:


hi.
since i will be traveling for a bit, my threadmodell changed and i 
want aem.

when reading the documentation, a few questions came up:
(in any case, i will  use a passphrase for aem.)

1) is there a difference between using an usb drive or using an 
internal partition? (except of having a second device in case of an 
usb drive)




Yes. You should keep your AEM boot with you on a separate device. If you 
don't, an attacker could see your secret phrase by booting the system.


This is also important if you want AEM to warn you after a /remote/ 
(non-Evil Maid) attack has affected your BIOS.



2) citing from the aem readme:
'If you've chosen the latter option [using an external boot device], 
you should then remove the internal

boot partition from dom0's /etc/fstab, never mount it again in dom0, and
never boot from it again, because an attacker might modify it to exploit
GRUB or dom0 filesystem drivers.'
what would happen if i lost my external boot device?
could i still boot without it?



You wouldn't be able to boot immediately. But you could later use a 
Qubes install disk to re-create a boot partition, or restore a partimage 
backup of the boot drive, or use a (trusted) live CD to unlock your 
Qubes drive and backup the VMs before installing Qubes anew.


3) is unhiding my usb devices only required during aem setup? (i guess 
so, but i thought, i would ask)




I think you refer to the option that suppresses USB devices during boot. 
This should be turned off when booting AEM (not just installing) from a 
USB stick so the verification sequence can read the secret from the USB 
stick.


However, you can configure a sys-usb VM to run automatically on startup, 
and this will isolate USB devices from the rest of the system. So... 
when booting AEM don't leave odd or untrusted devices plugged into your 
USB ports, because the system may be vulnerable during boot (but after 
boot you should be protected if sys-usb is running and configured properly).


4) The article from 2011 
(http://theinvisiblethings.blogspot.hu/2011/09/anti-evil-maid.html) 
mentions keyfiles.

Is this implemented? (the readme says nothing about it)



I don't recall seeing this implemented. There may be some workaround 
such as specifying the passphrase in the config... see "man crypttab" 
for details; in that case, the USB stick literally becomes a key to your 
main drive.


Chris



-joe



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad2bbe1d-6d5b-f74b-6e7b-5fb2c9a09dce%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Installation Media Self-Check Confusion

[raahelps]

On Monday, February 13, 2017 at 2:26:42 PM UTC-5, bf18...@gmail.com wrote:
> On Monday, February 13, 2017 at 1:07:44 PM UTC-6, raah...@gmail.com wrote:
> > On Sunday, February 12, 2017 at 7:33:43 PM UTC-5, bf18...@gmail.com wrote:
> > > Hello,
> > > 
> > > I have been trying to install R3.2 and even though I have tried burning 
> > > both usbs and dvds and using different burning programs (including just 
> > > dd for the usb) it always results in it saying that the .iso is 
> > > unsupported and the install media is fragmented (20 count with a md5 
> > > sum(I can include that if it helps)). The weird part though is that it 
> > > says it before the media check starts and if I let it finish the check it 
> > > say's that it passed and will continue to the graphical interface. I also 
> > > verified it before burning and the files were (reasonably) trust-able. 
> > > Does anyone have any advice on if it can be trusted in general or have 
> > > had this happen before?
> > > 
> > > Thanks in-advance for even glancing
> > 
> > what happens when it goes to the graphicsal interface?
> > 
> > have you tried it on diff ports, diff pc?
> > 
> > what mobo? how exactly are you verifying it?
> 
> When it goes to the interface everything seems exactly the same as it used to 
> for anaconda (I have used qubes before in some of its earlier forms and 
> release candidates). It even runs a standard install but I'm not sure why it 
> would continue when it usually refuses if anything faults.
> 
> I've tried two pc's, one using windows and one using deb. 
> 
> I've verified with gpg4win and reg gpg with sha251 checks. Mobo is intel 
> celeron.

so on the other two pc's u get the same self check error message?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b3cc7f4-8b07-45b7-9306-c3ac81ac4f34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Amnesic QubesOS

[raahelps]

On Tuesday, February 14, 2017 at 11:56:21 AM UTC-5, pri aif wrote:
> Would this work?
> 
> Install Qubes onto USB Drive then boot up setup all VMs update everything and 
> power off then plug writeblocker between USB-Drive and USB-Port boot up and 
> once done turn off and no writing changes to the USB-Drive have been done?
> Only ever boot without the write-blocker to install updates preferably from a 
> different network only ever used for updates.
> Could this be a workaround to the last thing Tails is superior in (amnesia)?

probably not, don't think its a goal of Qubes-os, this is for normal desktop 
users.  There is the option to use a disposable vm for everything if you want?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4df20460-bd06-480a-afd0-8826857d7012%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to safely use Wireshark in Qubes?

[raahelps]

isn't tcpdump just as vulnerable though if not more?

I run things like that in sys-net since i consider it extremely untrusted, but 
if you have the resources or want only specific streams,  sure a separate 
template or seperate vm i would assume is more secure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/933bdaa4-c7c1-40e3-9285-9bc14d5701f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] AEM questions

[jd87]

hi.
since i will be traveling for a bit, my threadmodell changed and i want
aem.
when reading the documentation, a few questions came up:
(in any case, i will  use a passphrase for aem.)

1) is there a difference between using an usb drive or using an internal
partition? (except of having a second device in case of an usb drive)
2) citing from the aem readme:
'If you've chosen the latter option [using an external boot device], you
should then remove the internal
boot partition from dom0's /etc/fstab, never mount it again in dom0, and
never boot from it again, because an attacker might modify it to exploit
GRUB or dom0 filesystem drivers.'
what would happen if i lost my external boot device?
could i still boot without it?
3) is unhiding my usb devices only required during aem setup? (i guess so,
but i thought, i would ask)
4) The article from 2011
(http://theinvisiblethings.blogspot.hu/2011/09/anti-evil-maid.html)
mentions keyfiles.
Is this implemented? (the readme says nothing about it)

-joe


-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170214165013.Horde.eG6CBeDh3PG1rsUKL2n6-Q7%40www.vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How install visual studio code on the template Fedora ?

[Unman]

On Tue, Feb 14, 2017 at 01:19:17PM -0800, codeur4l...@gmail.com wrote:
> Yes, this is what I try to do. 
> I have download the .rpm file from my personal VM, then I have copy this file 
> into the fedora template. The problem is I don't know where is this file now 
> because in the fedora template I don't have a file manager. 
> I tried execute 'sudo dnf install .rpm' with the appropriate name in 
> the fedora template terminal but it don't find the file.
> 

When you copy or move a file to a qube it is placed in ~/QubesIncoming
under the name of the source.
cd to that directory and you will be able to install the file you have
copied across.

This is in the docs at www.qubes-os.org/doc/copying-files/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2017021416.GA648%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Make xfce4-netload-plugin display next to netvm icon?

[HawKing]

The network monitor plugin displays nicely colorized current network
traffic rate on the XFCE panel. I would like to get this displaying
the netVM's traffic rate, next to the red netvm in Dom0's panel.
However, typically it doesn't run in the "notification area", and I'm
not sure how to get it displayed in Dom0 (as the netvm icon is). 

Can anyone point me in the right direction ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37CFE930-E72A-44A8-86BC-36A437CF6727%40mail.bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How install visual studio code on the template Fedora ?

[codeur4life]

Yes, this is what I try to do. 
I have download the .rpm file from my personal VM, then I have copy this file 
into the fedora template. The problem is I don't know where is this file now 
because in the fedora template I don't have a file manager. 
I tried execute 'sudo dnf install .rpm' with the appropriate name in the 
fedora template terminal but it don't find the file.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ec2a20c-71bd-4dba-81bb-e6f683d21186%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How install visual studio code on the template Fedora ?

[codeur4life]

Le mardi 14 février 2017 21:45:31 UTC+1, Unman a écrit :
> On Tue, Feb 14, 2017 at 12:03:01PM -0800, codeur4l...@gmail.com wrote:
> > I really need to know how install software.
> > It is obscure to me and qubes documentation don't gave me the solution.
> > Nobody have idee ?
> > 
> 
> What is it that you do not understand? The page you reference provides
> absolutely explicit instructions.
> Is there anything unclear on this page?
> www.qubes-os.org/doc/software-update-vm/
> 
> You should install software in to a templateVM, and then it will be
> available in all qubes based on that template.
> 
> So choose your template - Debian or Fedora.
> Download the code for the Template you chose , as instructed on that page.
> Then copy the downloaded file to your template.
> Run the appropriate command(s) in the template.
> 
> Shut down the template.
> Start a qube based on the template and check that "code" works.

Yes, this is what I try to do.
I have download the .rpm file from my personal VM, then I have copy this file 
into the fedora template. The problem is I don't know where is this file now 
because in the fedora template I don't have a file manager.
I tried execute 'sudo dnf install .rpm' with the appropriate name in the 
fedora template terminal but it don't find the file.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/65788bc1-b0a9-4662-a285-a910234400cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: How install visual studio code on the template Fedora ?

[Unman]

On Tue, Feb 14, 2017 at 12:03:01PM -0800, codeur4l...@gmail.com wrote:
> I really need to know how install software.
> It is obscure to me and qubes documentation don't gave me the solution.
> Nobody have idee ?
> 

What is it that you do not understand? The page you reference provides
absolutely explicit instructions.
Is there anything unclear on this page?
www.qubes-os.org/doc/software-update-vm/

You should install software in to a templateVM, and then it will be
available in all qubes based on that template.

So choose your template - Debian or Fedora.
Download the code for the Template you chose , as instructed on that page.
Then copy the downloaded file to your template.
Run the appropriate command(s) in the template.

Shut down the template.
Start a qube based on the template and check that "code" works.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170214204527.GA32465%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to safely use Wireshark in Qubes?

[turboacan]

Sys-net app or make standalone fedora minimal template?

Subj.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49f7040c-799c-43fb-9f00-f3f211f4dcb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Lenovo T460s [20FAS0AE00]

[Others call me jean]

Works very well!

For NVMe installation you need the workaround from:
https://github.com/QubesOS/qubes-issues/issues/2381

With the unstable kernel (current 4.8.12) it works more stable.

The DisplayPort has some problem and the system crash regularly on plug
in. HDMI works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o7vds8%24brs%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20FAS0AE00-20170214-180106.yml
Description: application/yaml

[qubes-users] Amnesic QubesOS

[pri aif]

Would this work?

Install Qubes onto USB Drive then boot up setup all VMs update everything and 
power off then plug writeblocker between USB-Drive and USB-Port boot up and 
once done turn off and no writing changes to the USB-Drive have been done?
Only ever boot without the write-blocker to install updates preferably from a 
different network only ever used for updates.
Could this be a workaround to the last thing Tails is superior in (amnesia)?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38787039.45587.1487091376314.JavaMail.root%40ichabod.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] trying to remove old template but getting error

[Gaiko]

On Tuesday, February 14, 2017 at 7:11:19 AM UTC-5, Unman wrote:
> On Mon, Feb 13, 2017 at 05:26:07PM -0800, Gaiko wrote:
> > On Monday, February 13, 2017 at 8:06:43 PM UTC-5, Unman wrote:
> > > On Mon, Feb 13, 2017 at 04:53:24PM -0800, Gaiko wrote:
> > > > I installed the fedora24 template using
> > > > 
> > > > sudo qubes-dom0-update qubes-template-fedora-24
> > > > 
> > > > Then changed all put then went to global settings, changed the default 
> > > > template, then went into the vm manager and changed the default 
> > > > template for each of the VMs (its a fresh install so there was jsut 
> > > > vault, personal, untrusted, and work) but not the sys-net, 
> > > > sys-firewall, as it had it in my head that was a done deal via global 
> > > > settings.
> > > > 
> > > > Anyway, then ran
> > > > 
> > > > qvm-create-default-dvm --default-template
> > > > 
> > > > then
> > > > 
> > > > sudo dnf remove qubes-template-fedora-23
> > > > 
> > > > but with the last command I got an error:
> > > > no match for argument: qubes-template-fedora-23
> > > > Error:no packages marked for removal.
> > > > 
> > > > I then looked for other posts and found this 
> > > > (https://groups.google.com/forum/#!searchin/qubes-users/no$20match$20for$20argument$3A$20qubes-template-fedora-23$20Error$3Ano$20packages$20marked$20for$20removal.%7Csort:relevance/qubes-users/v7Svq_KS5us/Xej8hMQICAAJ)
> > > >  but there he had mod'd the qubes.xml file and in that file on my comp 
> > > > I noticed there was not an entry for fedora-24 so I was hesitant to go 
> > > > any further.
> > > > 
> > > > So, fedora-23 template files are still in  
> > > > /var/lib/vm-templates/fedora-23
> > > > and fedora-23 is still showing up in the VM Manager (indicating it 
> > > > needs updates no less). Fedora 24 is also showing up in the VM Manager, 
> > > > and everything *seems* ok with it except it wasn't in the qubes.xml 
> > > > file which i wasn't sure about... 
> > > > 
> > > > Thoughts?
> > > > 
> > > 
> > > Try 'sudo dnf list installed |grep template'
> > > to check the status with dnf.
> > > 
> > > Also try qvm-remove qubes-template-fedora-23
> > 
> > Thx for the reply.
> > 
> > Tried both, it seems Fedora23 isn't showing up as being installed. When I 
> > grep'd the dnf list command the other (including fed24) templates showed up 
> > but not f23. When I tried 
> > 
> > qvm-remove qubes-template-fedora-23
> > 
> > it told me
> > 
> > A VM with the name qubes-template-fedora-23 does not exist in the system
> > 
> > I thought to take a look in the /var/lib/qubes/vm-templates/fedora23 dir 
> > and noticed (du -sh) that there is only 22M of stuff there... so I guess 
> > the main files (sorry I don't know the exact files but I figure it would be 
> > bigger if f23 was still there) aren't there... but the VM manager thinks 
> > F23 is, and the qubes.xml is still something I am not sure about.
> > 
> > further thoughts?
> > 
> 
> Look at www.qubes-os.org/doc/remove-vm-manually

that got it thanx! (i guess the qubes.xml is a non issue?)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26be9e37-219f-419f-9eb1-74fa51e85bd7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ad-blocking ProxyVM?

[Joe Ruether]

On Monday, February 13, 2017 at 9:35:52 PM UTC-5, Joe Ruether wrote:
> Ok, I need to simplify this. I need help, I don't know what I am missing. Is 
> anyone able to recreate the following netcat test?
> 
> I cannot seem to get the DNAT portion of the iptables to work at all. Here is 
> a very simple test:
> 
> On the proxyvm, I use the following rules to redirect port 5353 to localhost, 
> and allow the connection:
> 
> iptables -t nat -I PR-QBS 1 -d 10.137.4.1 -p tcp --dport 5353 -j DNAT 
> --to-destination 127.0.0.1
> iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT
> 
> Then, on the proxyvm, I run the following command to listen on that port (no 
> other service is running on that port):
> 
> nc -l -p 5353
> 
> Finally, on the AppVM, I run the following command:
> 
> nc 10.137.4.1 5353
> 
> My expectation is that the two netcats will connect, however they don't. What 
> do I need to do to get my AppVM to talk to my ProxyVM? Thanks

Well, I feel like a fool, I finally figured it out. I realized the DNAT rules 
aren't necessary at all, so all I needed was this:

iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT

Of course I overcomplicated such a simple problem... I learned a bunch about 
iptables though.

I also have the PiHole adblocker working now. In case anyone stumbles onto this 
thread trying to do the same thing, the final trick was to add the Qubes vif 
interfaces to a dnsmasq config file to it would listen on them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb192195-af69-4793-b4a2-1f787af2ddbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - 20H2S00700

[Vincent Wiemann]

This device is an i7 Lenovo E470.
Intel graphics card needs newer kernel (from unstable repo)...
GeForce graphics not supported by noveau, yet. Official NVIDIA driver
fails with memory allocation error under Xen; see also
https://devtalk.nvidia.com/default/topic/691565/linux/geforce-driver-problem-on-centos-6-4-with-xen-installed
(even with IGNORE_XEN_PRESENCE-flag set etc.)
Installation only possible with VNC as text installation mode doesn't
prompt for encryption password.
Sleep mode sometimes freezes the device.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9fab2a84-5b7c-3635-ac0c-6cd04924c1a3%40ironai.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20H2S00700-20170214-113042.yml
Description: application/yaml