63 lines
1.5 KiB
ReStructuredText
63 lines
1.5 KiB
ReStructuredText
.. program:: qvm-firewall
|
|
|
|
=======================================================
|
|
:program:`qvm-firewall` -- Qubes firewall configuration
|
|
=======================================================
|
|
|
|
Synopsis
|
|
========
|
|
:command:`qvm-firewall` [-n] <*vm-name*> [*action*] [*rule spec*]
|
|
|
|
Rule specification can be one of:
|
|
1. *address*\ |\ *hostname*\ [/*netmask*] tcp|udp *port*\ [-*port*]
|
|
2. *address*\ |\ *hostname*\ [/*netmask*] tcp|udp *service_name*
|
|
3. *address*\ |\ *hostname*\ [/*netmask*] any
|
|
|
|
Options
|
|
=======
|
|
|
|
.. option:: --help, -h
|
|
|
|
Show this help message and exit
|
|
|
|
.. option:: --list, -l
|
|
|
|
List firewall settings (default action)
|
|
|
|
.. option:: --add, -a
|
|
|
|
Add rule
|
|
|
|
.. option:: --del, -d
|
|
|
|
Remove rule (given by number or by rule spec)
|
|
|
|
.. option:: --policy=SET_POLICY, -P SET_POLICY
|
|
|
|
Set firewall policy (allow/deny)
|
|
|
|
.. option:: --icmp=SET_ICMP, -i SET_ICMP
|
|
|
|
Set ICMP access (allow/deny)
|
|
|
|
.. option:: --dns=SET_DNS, -D SET_DNS
|
|
|
|
Set DNS access (allow/deny)
|
|
|
|
.. option:: --yum-proxy=SET_YUM_PROXY, -Y SET_YUM_PROXY
|
|
|
|
Set access to Qubes yum proxy (allow/deny).
|
|
|
|
.. note::
|
|
if set to "deny", access will be rejected even if policy set to "allow"
|
|
|
|
.. option:: --numeric, -n
|
|
|
|
Display port numbers instead of services (makes sense only with :option:`--list`)
|
|
|
|
Authors
|
|
=======
|
|
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
|
|
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
|
|
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
|