Qubes/gsoc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Minor fixes; added proposal chart

Browse Source
This commit is contained in:
Giulio 2021-06-22 11:51:15 +02:00
parent a7a6f34381
commit 205a1d2fd2
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Readme.md
View File

@ -97,7 +97,7 @@ qvm-firewall <vmname> --reload
The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.
```
qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000
qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule"
```
### Proposal
@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is
Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:
```
qvm-firewall <vmname> add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000
qvm-firewall <vmname> add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule"
qvm-firewall <vmname> add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule"
```
Of course `expire=` and `comment=` are not optional fields.
Of course `expire=` and `comment=` are optional fields.
```
<rule>
@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields.
<!-- sample syntax for port forwarding -->
<property name="action">forward</property>
<property name="proto">tcp</property>
<property name="dstports">443</property>
<property name="type">external</property>
<property name="srcports">443-443</property>
<property name="dstports">80443-80443</property>
<property name="srchost">0.0.0.0/0</property>
<property name="comment">example https server rule</property>
</properties>
</rule>
```
### Proposal chart
![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png)
### Required rules
In `<networkvm>`:

BIN
assets/implementation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB