Re: [qubes-users] How to switch VM network on and off?
Hello Andrew, good to know it and to keep this in mind to stay secure in different levels, which can be adapted to the requirements. Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b73fb90-5e0f-4aa8-b0d7-3698d9fc9987%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to switch VM network on and off?
Hello Frank, perfect, so I can keep the network setup and can prevent the installed software to "call home", without my control. Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d658b44e-5562-4e39-b6d6-d0fec1668203%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to switch VM network on and off?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-08 13:40, 193084'1093284'0193284'0943218 wrote: > Hello, > > many apps "call home"... and mostly I need some internet-services > direct outside one app only occasionally. > > On a standard PC I solve this quite simple: HW-Firewall Hotspot > requires a logon. > > So as long I don't logon to my firewall, no app can access the > internet. > > Now under Qubes, I work much more in the multi-tasking mode. > > Some VMs are online and others should be offline in the same time. > > But how I can switch on and off the network of only one VM > specifically (without destroying the advanced network topology > inside qubes)? > > As an workaround I can: > > i) disable the network in the QM (but later I must remember the > old settings - to the usability security will not to bee too high, > with this process). > If by "QM" you meant "VM," then this is the recommended way. Simply change the VM's NetVM to "none" when you want to disable network access, then set it back to your preferred NetVM when you want to restore access. It is also possible to deny programs network access via firewall rules. However, you should understand that the Qubes firewall is not a leak prevention mechanism, and not even setting the NetVM to "none" can guarantee that there will be no data leaks due to the existence of covert channels: https://www.qubes-os.org/doc/data-leaks/ > ii) I can switch on and off the hole connection to the internet > (via the KDE-Menue). But again before I switch it on again, I must > collect all open windows and screen the VMs, which might still run > in the background and so the usability securtiy might be poor. > > Is there are a simple way? > > Kind Regards > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXgG9qAAoJENtN07w5UDAw+5gQALPCr0nqpjp7VeRiX4a6aEhp pedsyzXMH84g8P5dLKz/icOe4iKoJ21KNmfdnRZ91IRoZwhLSmMK4WHBWdbmEma5 jOPDYtBhUxylB+b9bjnZjVK5hOwKro+fBJETEvWCt1MeUBwvl/7SJo5Kq2e0kfyi fAkVJXowAZl80MJDQxtZv1UfLIEolqNQYZb8hfnAL1OHWjDg4oUannExUpgFJIdY 10Q7pVZRjmJL0sLaQbB1t3wMtUYqD3D1AlDdQk/YsoiSe5gJk9i4p9ozlk/2PbTZ qVhyJmcHFTdmq0gztHSqVsOZP3whQvWGffHHzoOBqaKiOQmXoBSPxzVjQycXWTXc /uJOlUrnql54PhGJm+fcW8LctBQZ8ZdtCKd1tLL4jBwihC+RmPZDQZzeVAHawTOZ N+6B2TGcgLywBqYlvFscdPVdfcM+FpcMSsvUDOJqsufofG5hWZlar9WO/3tlxU9x cA745416wIm2jzPIbJ0QbHLJ6G9APBbJugFAokLEWC0YPykrbHfgPWnDlqCtaX6G JS0tES+K18Je+LSidg1NASYVLSw7ag/h4H4XUKPqD2yP5nV5NcIg4K04YzPK2PRv nqKr65/P0albVymn6Rms8RBPgymt8J7tWUcHMt7xNl4Jkq3hh94Gy+880DEDOqki D3tdlX6/GGMm/SZouQG7 =eTV3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f87b7737-997b-0126-feb7-8619ad1dd00e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to switch VM network on and off?
> On 08.07.2016, at 22:40, 193084'1093284'0193284'0943218 > kersten.vogel-at-gmail.com |qubes-mailing-list/Example Allow| >wrote: > > Hello, > > many apps "call home"... > and mostly I need some internet-services direct outside one app only > occasionally. > > On a standard PC I solve this quite simple: HW-Firewall Hotspot requires a > logon. > > So as long I don't logon to my firewall, no app can access the internet. > > Now under Qubes, I work much more in the multi-tasking mode. > > Some VMs are online and others should be offline in the same time. > > But how I can switch on and off the network of only one VM specifically > (without destroying the advanced network topology inside qubes)? > > As an workaround I can: > > i) disable the network in the QM (but later I must remember the old settings > - to the usability security will not to bee too high, with this process). > > ii) I can switch on and off the hole connection to the internet (via the > KDE-Menue). > But again before I switch it on again, I must collect all open windows and > screen the VMs, which might still run in the background and so the usability > securtiy might be poor. > > Is there are a simple way? How about using the firewall settings that each and every AppVM has it's own set of (if it is connected to a proxyVM other than Whonix GW). Right-click AppVM in Qubes Manager -> Edit Firewall Settings -> select "Deny everything except" and leave the exception list empty, click OK. Effective immediately and no reboot required. Regards, Frank > > Kind Regards > > > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/85274287-98c1-43c3-bfc1-14d57828cc69%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/E63EBAA3-1D6C-4FD5-8821-4690C396B89D%40schaeckermann.net. For more options, visit https://groups.google.com/d/optout.