.. program:: qvm-firewall

=======================================================
:program:`qvm-firewall` -- Qubes firewall configuration
=======================================================

Synopsis
========
| qvm-firewall [-n] <vm-name> [action] [rule spec]

Rule specification can be one of:
    1. address|hostname[/netmask] tcp|udp port[-port]
    2. address|hostname[/netmask] tcp|udp service_name
    3. address|hostname[/netmask] any

Options
=======

.. option:: --help, -h

    Show this help message and exit

.. option:: --list, -l

    List firewall settings (default action)

.. option:: --add, -a

    Add rule

.. option:: --del, -d

    Remove rule (given by number or by rule spec)

.. option:: --policy=SET_POLICY, -P SET_POLICY

    Set firewall policy (allow/deny)

.. option:: --icmp=SET_ICMP, -i SET_ICMP

    Set ICMP access (allow/deny)

.. option:: --dns=SET_DNS, -D SET_DNS

    Set DNS access (allow/deny)

.. option:: --yum-proxy=SET_YUM_PROXY, -Y SET_YUM_PROXY

    Set access to Qubes yum proxy (allow/deny).

    .. note::
       if set to "deny", access will be rejected even if policy set to "allow"

.. option:: --numeric, -n

    Display port numbers instead of services (makes sense only with :option:`--list`)

Authors
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>