diff --git a/Readme.md b/Readme.md index f45d2c5..1522ae9 100644 --- a/Readme.md +++ b/Readme.md @@ -134,6 +134,9 @@ Of course `expire=` and `comment=` are optional fields. ### Required rules +#### External + +***srchost and srcports support yet to be written here *** In ``: ``` @@ -150,6 +153,20 @@ iptables -I FORWARD 2 -i -d -p tcp --dport nft add rule ip qubes-firewall forward meta iifname ip daddr tcp dport ct state new counter accept ``` +in ``: +``` +iptables -w -I INPUT 5 -d -p tcp --dport -m conntrack --ctstate NEW -j ACCEPT +``` + +#### Internal +In ``: + +``` +iptables -t nat -A PREROUTING -i -p tcp --dport -d -j DNAT --to-destination +iptables -I FORWARD 2 -i -d -p tcp --dport -m conntrack --ctstate NEW -j ACCEPT +nft add rule ip qubes-firewall forward meta iifname ip daddr tcp dport ct state new counter accept +``` + in ``: ``` iptables -w -I INPUT 5 -d -p tcp --dport -m conntrack --ctstate NEW -j ACCEPT
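Review bot: In the first hunk (`@@ -134,6 +134,9 @@`), the added line `***srchost and srcports support yet to be written here ***` leaves a TODO in user-facing documentation, and the space before the closing `***` stops Markdown from treating it as emphasis, so the asterisks will render literally. There is also no blank line between it and the following `In` line, so the two merge into one paragraph. Suggest either documenting the source-restricted form of the rules here or tracking the gap in an issue. Until then, state plainly that the rules shown in this section carry no source match (`-s` / `ip saddr`), so readers know the forwarded port accepts new connections from any source.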
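Review bot: In the second hunk (`@@ -150,6 +153,20 @@`), the new `#### Internal` block repeats the same rule shapes as the External section without a sentence saying what distinguishes the two modes or which qube each command runs in relative to the target, so a reader cannot tell when to apply which set. Add a one-line description under each heading. The added rules also hard-code insertion positions (`-I INPUT 5`, `-I FORWARD 2`); iptables rejects an insert whose index is larger than the chain allows, so the README should say what chain layout these numbers assume. Only the INPUT rule passes `-w`; the added `-t nat -A PREROUTING` and `-I FORWARD 2` lines should use it too, for consistency and to avoid failing when another process holds the xtables lock. Minor: the added `in` is lower-case where the other lead-ins use `In`.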