Re: [qubes-users] qubes-mirage-firewall 0.5
On Tue, Apr 23, 2019 at 12:43 PM Thomas Leonard wrote: > On Tuesday, April 23, 2019 at 5:02:36 PM UTC+1, brend...@gmail.com wrote: > > The build script uses download.camlcity.org which appears to be > chronically down.Any consideration for replacements? > > It's up for me. What error are you seeing? > Hi Thomas, I think this might be due to the firewall in one of the facilities I connect from - the site might be blacklisted for some reason. I'll check with IT. Thanks, Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOajFefqTzU%3D00_f4Ck8y2R8tVx0hJRm4_CQ_ffGgo7ntHA%3DZQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
On Tuesday, April 23, 2019 at 5:02:36 PM UTC+1, brend...@gmail.com wrote: > Hi Thomas, > > The build script uses download.camlcity.org which appears to be chronically > down. > > Any consideration for replacements? It's up for me. What error are you seeing? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e2b00c4b-0744-456e-8a24-3ba5c33aba39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
Hi Thomas, The build script uses download.camlcity.org which appears to be chronically down. Any consideration for replacements? B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/abe422e7-b1aa-4208-bf4b-6c2decfd2eb2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
I have been briefly reminded that technology is not some magic bullet where you just fire and forget. Thank you for this -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/977cc4bb-868b-43ff-b044-fe8ffb3a7238%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
On Monday, April 8, 2019 at 9:45:05 AM UTC+1, Sphere wrote: > So I have briefly read README.md about this and does this thing really have > to run as a PV VM and cannot be a PVH VM? See: https://lists.xenproject.org/archives/html/mirageos-devel/2019-04/msg00019.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b12d447f-4dfb-4233-a2f9-0c5d61a45012%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
On Sunday, April 7, 2019 at 9:23:13 PM UTC+1, 799 wrote: > Hello Thomas, > > > > Thomas Leonard schrieb am Do., 4. Apr. 2019, 12:27: > I'd like to announce the release of qubes-mirage-firewall 0.5: > > https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.5 > (...) > > For installation instructions, see: > > https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md, > > > thanks for the work you put into your mirage-firewall, as I have read your > announcement several times in the past, I'd like to give it a try, but I > would like to see some more information which is targeted towards newbies. > To me it is not clear how I can setup the mirage-firewall. > It seems that your suggestion is to build a docker image and while this > covered in the installation howto > (https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md) the > docker building must be started within an AppVM ... should this be a template > VM? a dedicated HVM? And should it be debian or fedora? > I'd like to have a step for step instruction which takes a standard Qubes > Installation as baseline and then ends in a working mirage firewall. > As mentioned I would be more than happy o contribute to the documentation, > but can you clarify the starting point? I've proposed some extra text suggesting users should "Create a new Fedora-29 AppVM (or reuse an existing one)": https://github.com/mirage/qubes-mirage-firewall/pull/51 Does that help? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37ab3faa-af0e-4306-8b13-86d4da22555f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
So I have briefly read README.md about this and does this thing really have to run as a PV VM and cannot be a PVH VM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4aad0c4d-0b60-47e6-b885-34c48d50af38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
On Sunday, April 7, 2019 at 8:23:13 PM UTC, 799 wrote: > Hello Thomas, > > > > Thomas Leonard schrieb am Do., 4. Apr. 2019, 12:27: > I'd like to announce the release of qubes-mirage-firewall 0.5: > > https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.5 > (...) > > For installation instructions, see: > > https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md, > > > thanks for the work you put into your mirage-firewall, as I have read your > announcement several times in the past, I'd like to give it a try, but I > would like to see some more information which is targeted towards newbies. > To me it is not clear how I can setup the mirage-firewall. > It seems that your suggestion is to build a docker image and while this > covered in the installation howto > (https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md) the > docker building must be started within an AppVM ... should this be a template > VM? a dedicated HVM? And should it be debian or fedora? > I'd like to have a step for step instruction which takes a standard Qubes > Installation as baseline and then ends in a working mirage firewall. > As mentioned I would be more than happy o contribute to the documentation, > but can you clarify the starting point? > > > So in which VM (and VM type) should I run those first steps: > > > [...] > Build from source > Clone this Git repository and run the build-with-docker.sh script: > sudo ln -s /var/lib/docker /home/user/docker > sudo dnf install docker > sudo systemctl start docker > git clone https://github.com/mirage/qubes-mirage-firewall.git > cd qubes-mirage-firewall > sudo ./build-with-docker.sh > [...] > > - O Run from any recent fedora-based AppVM (standalone or not). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0815853-5948-4622-b853-12c8b7380433%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes-mirage-firewall 0.5
Hello Thomas, Thomas Leonard schrieb am Do., 4. Apr. 2019, 12:27: > I'd like to announce the release of qubes-mirage-firewall 0.5: > https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.5 > (...) > For installation instructions, see: > https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md, thanks for the work you put into your mirage-firewall, as I have read your announcement several times in the past, I'd like to give it a try, but I would like to see some more information which is targeted towards newbies. To me it is not clear how I can setup the mirage-firewall. It seems that your suggestion is to build a docker image and while this covered in the installation howto ( https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md) the docker building must be started within an AppVM ... should this be a template VM? a dedicated HVM? And should it be debian or fedora? I'd like to have a step for step instruction which takes a standard Qubes Installation as baseline and then ends in a working mirage firewall. As mentioned I would be more than happy o contribute to the documentation, but can you clarify the starting point? So in which VM (and VM type) should I run those first steps: [...] Build from source Clone this Git repository and run the build-with-docker.sh script: sudo ln -s /var/lib/docker /home/user/docker sudo dnf install docker sudo systemctl start docker git clone https://github.com/mirage/qubes-mirage-firewall.git cd qubes-mirage-firewall sudo ./build-with-docker.sh [...] - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tBH%2B25qJ-fomn786NGNHe2rF_8EBVrsh-qcSMtR2gAAA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes-mirage-firewall 0.5
I'd like to announce the release of qubes-mirage-firewall 0.5: https://github.com/mirage/qubes-mirage-firewall/releases/tag/v0.5 This is a unikernel that can run as a QubesOS ProxyVM, replacing sys-firewall. It may be useful if you want something smaller or faster-to-start than the Linux-based sys-firewall. It requires around 32MB of RAM when running and requires 0.0s of CPU time to boot, according to "xl list". It does not need or use a hard-disk, and does not persist any state between reboots. For installation instructions, see: https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md For a blog post explaining the background for this, with a walk-through of the code (it's written in OCaml), see: http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ Changes since 0.4: - Update to the latest mirage-net-xen, mirage-nat and tcpip libraries (@yomimono, @talex5, #45, #47). In iperf benchmarks between a client VM and sys-net, this more than doubled the reported bandwidth! - Don't wait for the Qubes GUI daemon to connect before attaching client VMs (@talex5, #38). If the firewall is restarted while AppVMs are connected, qubesd tries to reconnect them before starting the GUI agent. However, the firewall was waiting for the GUI agent to connect before handling the connections. This led to a 10s delay on restart for each client VM. Reported by @xaki23. - Add stub makefile for qubes-builder (@xaki23, #37). - Update build instructions for latest Fedora (@talex5, #36). yum no longer exists. Also, show how to create a symlink for /var/lib/docker on build VMs that aren't standalone. Reported by @xaki23. - Add installation instructions for Qubes 4 (@yomimono, @reynir, @talex5, #27). - Use Ethernet_wire.sizeof_ethernet instead of a magic 14 (@hannesm, #46). Note that the repository has moved from github.com/talex5 to the github.com/mirage organisation, as it's no longer just my personal project. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/727d1b86-a37b-4a65-a167-b128a23c8197%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
