@@ -97,7 +97,7 @@ qvm-firewall <vmname> --reload
The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.
```
-qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000
+qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule"
```
### Proposal
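Review bot: the key rename from `command=` to `comment=` is the right fix and matches the field name used later in the document, but the sentence introducing this block still reads `Not that if the GUI detects` where `Note that` is meant, and `since it does not support all CLI settings` is clearer as `because the GUI does not support every setting the CLI does`; since this hunk already touches the paragraph, fix both in the same commit. The example also never says what unit `expire=+5000` is in, which a reader copying the rule will need, and `dstports=80-80` could be written as the single port `80` if the range form is not required.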
@@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is
Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:
```
-qvm-firewall <vmname> add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000
+qvm-firewall <vmname> add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule"
+qvm-firewall <vmname> add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule"
```
-Of course `expire=` and `comment=` are not optional fields.
+Of course `expire=` and `comment=` are optional fields.
```
<rule>
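Review bot: `dstports=80443-80443` in the `type=external` rule is not a valid TCP port (the maximum is 65535), so the example cannot be entered as written; if the intent is to map external 443 onto an unprivileged high port inside `<vmname>`, a value such as `8443-8443` would fit. The two new rules also leave the direction of `srcports`/`dstports` and `srchost` implicit: in the external rule `srcports=443-443` with `srchost=0.0.0.0/0` reads as "listening port, any client" and `dstports` as the port inside `<vmname>`, while in the internal rule `srchost=10.137.0.13` is a single qube; state that in the paragraph above, because in ordinary firewall rules `srcports` means the client's ephemeral source port and a reader will otherwise guess wrong. Changing `not optional` to `optional` is correct, but the same sentence should then say which of the new fields (`type=`, `srchost=`) are required, since the rule is meaningless without them.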
@@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields.
<!-- sample syntax for port forwarding -->
<property name="action">forward</property>
<property name="proto">tcp</property>
- <property name="dstports">443</property>
+ <property name="type">external</property>
+ <property name="srcports">443-443</property>
+ <property name="dstports">80443-80443</property>
+ <property name="srchost">0.0.0.0/0</property>
+ <property name="comment">example https server rule</property>
</properties>
</rule>
```
+### Proposal chart
+![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png)
+
### Required rules
In `<networkvm>`:
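Review bot: the XML sample repeats the out-of-range port `80443-80443` from the CLI example, so whichever value is chosen there must be mirrored here and be at most 65535. The sample shows only the `external` variant, yet the CLI section distinguishes `type=internal` with a specific `srchost`; either add a second `<rule>` for the internal case or say that its properties differ only in `type` and `srchost`, so the XML and CLI descriptions stay in step. `expire` is omitted here although every CLI example sets it, which is consistent with the "optional" note above but worth one sentence so readers do not think the XML form cannot carry it. Minor: the `<!-- sample syntax for port forwarding -->` comment sits inside `<properties>` rather than above the `<rule>`, and the chart is linked at `raw/master`, so it will change silently if the image is updated; pinning the link to a commit keeps the proposal stable.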