Re: [qubes-users] How to block all non tor traffic

2020-04-11 Thread hsfcyxr hsfcyxr
Although it would seem to be a sniffer, I am embarrassed that the 
sniffer standing on sys-firewall shows that the traffic comes from sys-firewall 
(not sys-whonix). And the sniffer from sys-net doesn't catch the ping 
connection to the site. In general, I'll deal with iptables; if 
there are any more questions, I'll write.

--
This mail was sent by Confidesk AG`s secure mail service. Check it on 
http://www.confidesk.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/E1jNMz0-0004f1-Bw%40chwww1.confidesk.com.


Re: [qubes-users] How to block all non tor traffic

2020-04-11 Thread hsfcyxr hsfcyxr
This is understandable, but traffic connected to sys-firewall and 
sys-net bypasses tor.  On the whonix forum I was told that this is impossible) If 
I translated his answer correctly.
 https://forums.whonix.org/t/how-to-block-all-non-tor-traffic/9308
 Basically, I figured out that sys-net needs to cut off all traffic that 
doesn't come from sys-firewall, but I can't figure out what to do with 
sys-firewall yet.

On 2020-04-11, tas...@posteo.net wrote:

On 4/11/20 8:32 AM, hsfcyxr hsfcyxr wrote:
> There’s a second computer to access the Clinet.
> How do I completely block traffic bypassing sys-whonix? I don’t know
> much English, so I couldn’t find it myself, I read qubes and whonix
> documentation.
> (I marked dom0 updates via tor during installation, prescribed “sudo
> systemctl restart qubes-whonix-torified-updates-proxy-check”, installed
> everything in Qube Manager except sys-firewall, sys-whonix, sys-net and
> Template VM on sys-whonix,
> Qubes global settings -> Dom0 UpdateVM -> sys-whonix
> Qubes global settings -> ClockV -> sys-whonix
> Qubes global settings -> Default netVM -> sys-whonix
> Qubes global settings -> Default template -> fedora-30
> Qubes global settings -> Default DisposableVM Template -> fedora-30-dvm
> )
> Maybe there are some guides to setting qubes to anonymity so that the
> browser can’t recognize my time zone (so that it is different on
> different AppVMs). And how to add a different language to the keyboard,
> again, so that it would be visible only on the AppVMs I need.
>
> img: qubes-os[.]org/attachment/wiki/posts/admin-api.png
> *I will formulate a more specific question, as in the diagram above, to
> block all connections to sys-net except sys-whonix->sys-firewall->sys-net.*

It's best to ask about Whonix specifics on the whonix.org forums.
However, I'm pretty sure that sys-whonix is already configured not to
allow any non-Tor traffic; That is the point of having a Tor VM in the
first place, to enforce network containment as strongly as possible.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] How to block all non tor traffic

2020-04-11 Thread Chris Laprise

On 4/11/20 8:32 AM, hsfcyxr hsfcyxr wrote:

> There’s a second computer to access the Clinet.
> How do I completely block traffic bypassing sys-whonix? I don’t know 
> much English, so I couldn’t find it myself, I read qubes and whonix 
> documentation.
> (I marked dom0 updates via tor during installation, prescribed “sudo 
> systemctl restart qubes-whonix-torified-updates-proxy-check”, installed 
> everything in Qube Manager except sys-firewall, sys-whonix, sys-net and 
> Template VM on sys-whonix,
>
> Qubes global settings -> Dom0 UpdateVM -> sys-whonix
> Qubes global settings -> ClockV -> sys-whonix
> Qubes global settings -> Default netVM -> sys-whonix
> Qubes global settings -> Default template -> fedora-30
> Qubes global settings -> Default DisposableVM Template -> fedora-30-dvm
> )
> Maybe there are some guides to setting qubes to anonymity so that the 
> browser can’t recognize my time zone (so that it is different on 
> different AppVMs). And how to add a different language to the keyboard, 
> again, so that it would be visible only on the AppVMs I need.
>
> img: qubes-os[.]org/attachment/wiki/posts/admin-api.png
> *I will formulate a more specific question, as in the diagram above, to 
> block all connections to sys-net except sys-whonix->sys-firewall->sys-net.*


It's best to ask about Whonix specifics on the whonix.org forums. 
However, I'm pretty sure that sys-whonix is already configured not to 
allow any non-Tor traffic; That is the point of having a Tor VM in the 
first place, to enforce network containment as strongly as possible.


--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] How to block all non tor traffic

2020-04-11 Thread unman
On Sat, Apr 11, 2020 at 12:32:34PM +, hsfcyxr hsfcyxr wrote:
> There’s a second computer to access the Clinet.
>  How do I completely block traffic bypassing sys-whonix? I don’t know 
> much English, so I couldn’t find it myself, I read qubes and whonix 
> documentation.
>  (I marked dom0 updates via tor during installation, prescribed “sudo 
> systemctl restart qubes-whonix-torified-updates-proxy-check”, installed 
> everything in Qube Manager except sys-firewall, sys-whonix, sys-net and 
> Template VM on sys-whonix,
>  Qubes global settings -> Dom0 UpdateVM -> sys-whonix
>  Qubes global settings -> ClockV -> sys-whonix
>  Qubes global settings -> Default netVM -> sys-whonix
>  Qubes global settings -> Default template -> fedora-30
>  Qubes global settings -> Default DisposableVM Template -> 
> fedora-30-dvm
>  )
>  Maybe there are some guides to setting qubes to anonymity so that the 
> browser can’t recognize my time zone (so that it is different on different 
> AppVMs). And how to add a different language to the keyboard, again, so 
> that it would be visible only on the AppVMs I need.
>
> img: qubes-os[.]org/attachment/wiki/posts/admin-api.png
> I will formulate a more specific question, as in the diagram above, to block 
> all connections to sys-net except sys-whonix->sys-firewall->sys-net.
> 

I can't help with Whonix issues, but you should block outgoing traffic
originating from sys-net and sys-firewall.
Restrict traffic which is forwarded through sys-firewall to anything
originating from the vif and MAC of sys-whonix.
Then you're trusting Whonix to deliver what it promises.

Strange that you are using standard templates for default and
DisposableVM, when you are concerned with anonymity. Have you customised
that fedora-30 template? If not, you may be shooting yourself in the
foot.

Personally I don't use clock updates at all, and set time to UTC across
the board.
You can install language options in the templates and trigger changes on
an individual qube, which allows you to access different layout per
qube. If I understand your post, that's what you want? Check the
"keyboard" option in Qube Manager.

unman
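
The restriction unman describes, sketched as an added example (not part of the original message and not Qubes' own firewall configuration): a POSIX shell function that validates its inputs and prints plain iptables commands for review. The interface name `vif7.0` and the MAC address are constructed placeholders, and the conntrack rule for reply packets and the IPv6 drop lines are assumptions the message does not mention.

```shell
#!/bin/sh
# Added example. vif7.0 and 00:16:3e:aa:bb:cc are constructed placeholders;
# substitute the backend interface and MAC of your own sys-whonix.

# valid_vif NAME: accept only Xen-style backend names such as vif7.0.
valid_vif() {
    case $1 in *[!a-z0-9.]*) return 1 ;; esac   # rejects spaces, ';', newlines
    printf '%s\n' "$1" | grep -Eq '^vif[0-9]+\.[0-9]+$'
}

# valid_mac MAC: accept only six colon-separated hex octets.
valid_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules VIF MAC: print iptables commands (nothing is applied) that
#   - drop everything the qube itself originates, except loopback
#   - forward only packets arriving on VIF with source MAC equal to MAC
#   - allow reply packets belonging to those forwarded flows
#   - drop IPv6 output and forwarding entirely (assumption: IPv4-only path)
gen_rules() {
    vif=$1
    mac=$2
    valid_vif "$vif" || { echo "rejected interface name" >&2; return 1; }
    valid_mac "$mac" || { echo "rejected MAC address" >&2; return 1; }
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vif -m mac --mac-source $mac -j ACCEPT
ip6tables -P OUTPUT DROP
ip6tables -F OUTPUT
ip6tables -P FORWARD DROP
ip6tables -F FORWARD
EOF
}

# Print the ruleset for the constructed placeholder values.
gen_rules vif7.0 00:16:3e:aa:bb:cc
```

The printed commands are meant to be reviewed and then run as root in the qube that forwards for sys-whonix; flushing FORWARD and OUTPUT removes whatever rules were in those chains before, so apply them only where that is intended.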



[qubes-users] How to block all non tor traffic

2020-04-11 Thread hsfcyxr hsfcyxr
There’s a second computer to access the Clinet.
 How do I completely block traffic bypassing sys-whonix? I don’t know much 
English, so I couldn’t find it myself, I read qubes and whonix documentation.
 (I marked dom0 updates via tor during installation, prescribed “sudo 
systemctl restart qubes-whonix-torified-updates-proxy-check”, installed 
everything in Qube Manager except sys-firewall, sys-whonix, sys-net and 
Template VM on sys-whonix,
 Qubes global settings -> Dom0 UpdateVM -> sys-whonix
 Qubes global settings -> ClockV -> sys-whonix
 Qubes global settings -> Default netVM -> sys-whonix
 Qubes global settings -> Default template -> fedora-30
 Qubes global settings -> Default DisposableVM Template -> 
fedora-30-dvm
 )
 Maybe there are some guides to setting qubes to anonymity so that the 
browser can’t recognize my time zone (so that it is different on different 
AppVMs). And how to add a different language to the keyboard, again, so 
that it would be visible only on the AppVMs I need.

img: qubes-os[.]org/attachment/wiki/posts/admin-api.png
I will formulate a more specific question, as in the diagram above, to block 
all connections to sys-net except sys-whonix->sys-firewall->sys-net.
