From 052c780bfeb482c8c94d64023b8ccfdda6f7650e Mon Sep 17 00:00:00 2001
From: Giulio <giulio@gmx.com>
Date: Tue, 22 Jun 2021 12:04:31 +0200
Subject: [PATCH] srchosts note

---
 Readme.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Readme.md b/Readme.md
index f45d2c5..1522ae9 100644
--- a/Readme.md
+++ b/Readme.md
@@ -134,6 +134,9 @@ Of course `expire=` and `comment=` are optional fields.
 
 ### Required rules
 
+#### External
+
+***srchost and srcports support yet to be written here ***
 In `<networkvm>`:
 
 ```
@@ -150,6 +153,20 @@ iptables -I FORWARD 2 -i <interface> -d <appvm_ip> -p tcp --dport <target_port>
 nft add rule ip qubes-firewall forward meta iifname <interface> ip daddr <appvm_ip> tcp dport <target_port> ct state new counter accept
 ```
 
+in `<appvm>`:
+```
+iptables -w -I INPUT 5 -d <appvm_ip> -p tcp --dport <target_port> -m conntrack --ctstate NEW -j ACCEPT
+```
+
+#### Internal
+In `<firewallvm>`:
+
+```
+iptables -t nat -A PREROUTING -i <interface> -p tcp --dport <target_port> -d <firewallvm_ip> -j DNAT --to-destination <appvm_ip>
+iptables -I FORWARD 2 -i <interface> -d <appvm_ip> -p tcp --dport <target_port> -m conntrack --ctstate NEW -j ACCEPT
+nft add rule ip qubes-firewall forward meta iifname <interface> ip daddr <appvm_ip> tcp dport <target_port> ct state new counter accept
+```
+
 in `<appvm>`:
 ```
 iptables -w -I INPUT 5 -d <appvm_ip> -p tcp --dport <target_port> -m conntrack --ctstate NEW -j ACCEPT