Home Explore Help
Sign In
Qubes
/
gsoc
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Minor fixes; added proposal chart

Giulio 2 years ago
parent
a7a6f34381
commit
205a1d2fd2
2 changed files with 12 additions and 4 deletions
Split View Show Diff Stats
  1. 12 4
      Readme.md
  2. BIN
      assets/implementation.png

+ 12 - 4
Readme.md
View File 

@@ -97,7 +97,7 @@ qvm-firewall <vmname> --reload
 
 The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.

 

 ```

-qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000

+qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule"

 ```

 

 ### Proposal

@@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is
 
 Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:

 

 ```

-qvm-firewall <vmname> add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000

+qvm-firewall <vmname> add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule"

+qvm-firewall <vmname> add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule"

 ```

 

-Of course `expire=` and `comment=` are not optional fields.

+Of course `expire=` and `comment=` are optional fields.

 

 ```

 		<rule>

@@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields.
 
 				<!-- sample syntax for port forwarding -->

 				<property name="action">forward</property>

 				<property name="proto">tcp</property>

-				<property name="dstports">443</property>

+				<property name="type">external</property>

+				<property name="srcports">443-443</property>

+				<property name="dstports">80443-80443</property>

+				<property name="srchost">0.0.0.0/0</property>

+				<property name="comment">example https server rule</property>

 			</properties>

 		</rule>

 ```

 

+### Proposal chart

+![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png)

+

 ### Required rules

 

 In `<networkvm>`:

BIN
assets/implementation.png
View File