Re: [qubes-users] Log qubes firewall packets
> >> Wondering how to log packets blocked and accepted by qubes firewall > >> for specific vm or all vms if thats the only option? Couldn't find > >> anything in website or google or qvm-firewall > > Unfortunately, Qubes firewall was not designed for such use case. > > > > If you are familiar with the iptables (and nftables too), you may be > > able to workraound this limitation. But it really not trivial to achieve So, logging is done via -j LOG target, like this (with same rules that would match actual action): iptables -t nat -A SSH2 -j LOG --log-prefix "DNAT SSH2-tunnel: " iptables -t nat -A SSH2 -j DNAT -p tcp --to 10.137.2.11:22 For blocked packages you should add log entry before DROP statements. You should review all chains and tables. Add your changes to sys-firewall:/rw/config/qubes-firewall-user-script. Be careful when inserting/adding rules, as they qubes dynamically changes the tables. By default LOG uses systemd log but it is configurable. Your question is not related to Qubes, but is general iptables-question. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9399c1d-d316-48fb-af62-4832d60db84a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Log qubes firewall packets
Okay thanks, should I post this in issues as a feature request? On 4/21/19 4:06 PM, Zrubi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 4/21/19 9:13 PM, Frozentime345 wrote: Wondering how to log packets blocked and accepted by qubes firewall for specific vm or all vms if thats the only option? Couldn't find anything in website or google or qvm-firewall Unfortunately, Qubes firewall was not designed for such use case. If you are familiar with the iptables (and nftables too), you may be able to workraound this limitation. But it really not trivial to achieve . - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAly8zUUACgkQVjGlenYH FQ3asQ//eFsUE/kigN5pFpkEYiQKxh5XGMtAaAtcdA4IhaPLqlnG+VkFZz0fTB3n Jv1sO6LYunL2DPSfOInUELHOu8ZiCMEIB4+SFqJszjCJADGDSBX7iEd5TyNDNU23 bV3hKU/6LI+bsDqbuwzteg/CgR8WxAtGhle/G/OOoQ3H2ViYxLOPudRLe0Pda12e zx1Ra7u0QMYXTO+vQWbvKcnlxkL41ataK+n1KkKYi+ToGfrmV5Kho0yg83H2ETXO +4xTcb5ZUtlmjgb0kP7Q14n5Qv5nLokzOCvAajGNDq6/IQQND0prD5GjIOztiCaB ugOWqGdWCVxJKyjoxF0YpzOrXZHzz1FsAH4/6zEhN8e8VvTf1moWCaAf2yOg4Qca wUKD78gBYtbO92eB5OEYkaKBE7GXOPOjKjHZQUBFFe8Z+BuOK55ZcEEwID8S+w3K QEaud/l5LetMK9GXrhZ4ti6vWEKLLPa9tDDOzUW7Qe+5+Epk96uj0NH/oM14Afmn TBGsw0YMCRuugfDrfpZOu+MMKxEt9zS3bLy6FBBIe7h84YV09Zl6mBzf3gWPqOSj cZpBlJVQaqY3P1A3yYhWyJ7eOdN+e36uV5a+PmBVm3mjMZcKkK4niLwDALGam/Zc U4g7XPVLJyssKFMd2FIL1d7QomC1gtI2w8jBbRzLQ4Xj7fsVyt0= =4NxJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/578b2297-0d79-1678-0710-7369124b9069%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Log qubes firewall packets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 4/21/19 9:13 PM, Frozentime345 wrote: > Wondering how to log packets blocked and accepted by qubes firewall > for specific vm or all vms if thats the only option? Couldn't find > anything in website or google or qvm-firewall > Unfortunately, Qubes firewall was not designed for such use case. If you are familiar with the iptables (and nftables too), you may be able to workraound this limitation. But it really not trivial to achieve . - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAly8zUUACgkQVjGlenYH FQ3asQ//eFsUE/kigN5pFpkEYiQKxh5XGMtAaAtcdA4IhaPLqlnG+VkFZz0fTB3n Jv1sO6LYunL2DPSfOInUELHOu8ZiCMEIB4+SFqJszjCJADGDSBX7iEd5TyNDNU23 bV3hKU/6LI+bsDqbuwzteg/CgR8WxAtGhle/G/OOoQ3H2ViYxLOPudRLe0Pda12e zx1Ra7u0QMYXTO+vQWbvKcnlxkL41ataK+n1KkKYi+ToGfrmV5Kho0yg83H2ETXO +4xTcb5ZUtlmjgb0kP7Q14n5Qv5nLokzOCvAajGNDq6/IQQND0prD5GjIOztiCaB ugOWqGdWCVxJKyjoxF0YpzOrXZHzz1FsAH4/6zEhN8e8VvTf1moWCaAf2yOg4Qca wUKD78gBYtbO92eB5OEYkaKBE7GXOPOjKjHZQUBFFe8Z+BuOK55ZcEEwID8S+w3K QEaud/l5LetMK9GXrhZ4ti6vWEKLLPa9tDDOzUW7Qe+5+Epk96uj0NH/oM14Afmn TBGsw0YMCRuugfDrfpZOu+MMKxEt9zS3bLy6FBBIe7h84YV09Zl6mBzf3gWPqOSj cZpBlJVQaqY3P1A3yYhWyJ7eOdN+e36uV5a+PmBVm3mjMZcKkK4niLwDALGam/Zc U4g7XPVLJyssKFMd2FIL1d7QomC1gtI2w8jBbRzLQ4Xj7fsVyt0= =4NxJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efc45631-892a-73fb-e6fc-ffb6f25532b5%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Log qubes firewall packets
Wondering how to log packets blocked and accepted by qubes firewall for specific vm or all vms if thats the only option? Couldn't find anything in website or google or qvm-firewall -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/049dca62-08a1-6f03-9fb7-73f99f5866b2%40gmail.com. For more options, visit https://groups.google.com/d/optout.
