Btw I still consider this hideous firewall GUI an anti-feature and would
wholeheartedly support anyone complaining about it at qubes-issues.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
lik...@gmx.de:
accept dns
and
accept icmp
1. Is my assumption correct that by that it's possible to exfiltrate data to
any destination server using dns/icmp?
Yes.
2. What are practical solutions to mitigate that?
a) delete "accept dns/icmp" rules in the firewall and add the
corres
Hi!
In the default firewall setup if a VM is restricted via UI using "Limit
outgoing Internet connections to ..." 2 rules are added before "drop all
packages":
[prompt]$ qvm-firewall vm
NO ACTION HOSTPROTOCOL PORT(S)
SPECIAL TARGET ICMP TYPE EXPIR
