63 lines
1.4 KiB
ReStructuredText
63 lines
1.4 KiB
ReStructuredText
.. program:: qvm-firewall
|
|
|
|
=======================================================
|
|
:program:`qvm-firewall` -- Qubes firewall configuration
|
|
=======================================================
|
|
|
|
Synopsis
|
|
========
|
|
| qvm-firewall [-n] <vm-name> [action] [rule spec]
|
|
|
|
Rule specification can be one of:
|
|
1. address|hostname[/netmask] tcp|udp port[-port]
|
|
2. address|hostname[/netmask] tcp|udp service_name
|
|
3. address|hostname[/netmask] any
|
|
|
|
Options
|
|
=======
|
|
|
|
.. option:: --help, -h
|
|
|
|
Show this help message and exit
|
|
|
|
.. option:: --list, -l
|
|
|
|
List firewall settings (default action)
|
|
|
|
.. option:: --add, -a
|
|
|
|
Add rule
|
|
|
|
.. option:: --del, -d
|
|
|
|
Remove rule (given by number or by rule spec)
|
|
|
|
.. option:: --policy=SET_POLICY, -P SET_POLICY
|
|
|
|
Set firewall policy (allow/deny)
|
|
|
|
.. option:: --icmp=SET_ICMP, -i SET_ICMP
|
|
|
|
Set ICMP access (allow/deny)
|
|
|
|
.. option:: --dns=SET_DNS, -D SET_DNS
|
|
|
|
Set DNS access (allow/deny)
|
|
|
|
.. option:: --yum-proxy=SET_YUM_PROXY, -Y SET_YUM_PROXY
|
|
|
|
Set access to Qubes yum proxy (allow/deny).
|
|
|
|
.. note::
|
|
if set to "deny", access will be rejected even if policy set to "allow"
|
|
|
|
.. option:: --numeric, -n
|
|
|
|
Display port numbers instead of services (makes sense only with :option:`--list`)
|
|
|
|
Authors
|
|
=======
|
|
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
|
|
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
|
|
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
|