[qubes-users] Re: Safely set up a Qube to connect to only one IP address on the Internet

2021-07-15 Thread Michael Singer
On Thu, Jul 15, 2021 at 04:50:29PM +0700, unman wrote:

> On Wed, Jul 14, 2021 at 04:35:42PM +, Michael Singer wrote:

>> 
>> Would you let my Qube, which is supposed to connect to only one IP address on
>> the internet, be based on an extra firewall-vm? Would that be more secure?

> You could do this: it would have one particular advantage, in that you
> could set custom rules in sys-net to restrict access from that
> sys-firewall to the specified IP address.

Do you have an example of the command line commands you use to set such custom 
rules in an ordinary debian or fedora sys-net?

>> In the Qube settings for the services there is the service
>> "disable-default-route". I have not found anything about what it does. In my
>> case, would it be better to leave it on or turn it off?

> man qvm-service - this service will remove the default gateway entry. So
> a qube would be able to access immediate neighbours but not step beyond.
> It's not what you want here.

What are the immediate neighbors of a qube?

Can both a qube using the default route and a qube with the 
disable-default-route service turned on access its immediate neighbors, or only 
a qube with the disable-default-route service turned on?

In what situation is it useful for a qube to be able to access its immediate 
neighbors?

All the best
Michael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f04a944-d8df-cfd8-106d-faf03798fc84%40posteo.de.


Re: [qubes-users] Re: Safely set up a Qube to connect to only one IP address on the Internet

2021-07-15 Thread unman
On Wed, Jul 14, 2021 at 04:35:42PM +, Michael Singer wrote:
> > On Wed, Jul 14, 2021 at 04:40:29, unman wrote:
> 
> > Disable all unnecessary services in the qube - that means almost all of
> > them.
> 
> Where would you look for such services?

Look to see what's running in the template/qube.

> 
> Would you let my Qube, which is supposed to connect to only one IP address on 
> the internet, be based on an extra firewall-vm? Would that be more secure?

You could do this: it would have one particular advantage, in that you
could set custom rules in sys-net to restrict access from that
sys-firewall to the specified IP address.
 
> 
> In the Qube settings for the services there is the service 
> "disable-default-route". I have not found anything about what it does. In my 
> case, would it be better to leave it on or turn it off?
> 
man qvm-service - this service will remove the default gateway entry. So
a qube would be able to access immediate neighbours but not step beyond.
It's not what you want here.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20210715115023.GG20432%40thirdeyesecurity.org.
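
What removing the default gateway entry means for reachability, as an added example that is not part of either message or of Qubes itself: a longest-prefix-match lookup over a constructed routing table, with and without the default route. The addresses and the single on-link route to the gateway are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
GATEWAY = "10.137.0.5"    # hypothetical address of the qube's netvm
REMOTE = "203.0.113.10"   # documentation-range stand-in for the one allowed internet IP

# Constructed routing table: (destination prefix, next hop); None means on-link.
ROUTES = [
    (ipaddress.ip_network("10.137.0.5/32"), None),   # immediate neighbour
    (ipaddress.ip_network("0.0.0.0/0"), GATEWAY),    # default gateway entry
]


def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None  # the kernel would answer "network is unreachable"
    return max(matches, key=lambda route: route[0].prefixlen)


def without_default(routes):
    """Model of the table once the default gateway entry (prefix length 0) is removed."""
    return [(net, hop) for net, hop in routes if net.prefixlen != 0]


def report(routes):
    """Which of the two sample destinations still have a usable route."""
    return {dst: lookup(routes, dst) is not None for dst in (GATEWAY, REMOTE)}


if __name__ == "__main__":
    print("with default route:   ", report(ROUTES))
    print("default route removed:", report(without_default(ROUTES)))
```

With the default entry gone, only the on-link neighbour keeps a route, so the single internet address the qube is meant to reach becomes unreachable as well.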