diff --git a/Readme.md b/Readme.md index 55efca3..f45d2c5 100644 --- a/Readme.md +++ b/Readme.md @@ -97,7 +97,7 @@ qvm-firewall --reload The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI. ``` -qvm-firewall add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000 +qvm-firewall add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule" ``` ### Proposal @@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is Since in the case of port forwarding the target ip address would always be the `` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this: ``` -qvm-firewall add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000 +qvm-firewall add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule" +qvm-firewall add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule" ``` -Of course `expire=` and `comment=` are not optional fields. +Of course `expire=` and `comment=` are optional fields. ``` @@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields. forward tcp - 443 + external + 443-443 + 80443-80443 + 0.0.0.0/0 + example https server rule ``` +### Proposal chart +![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png) + ### Required rules In ``: diff --git a/assets/implementation.png b/assets/implementation.png new file mode 100644 index 0000000..5131700 Binary files /dev/null and b/assets/implementation.png differ
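Review bot: in the hunk at @@ -97,7 +97,7, the unchanged sentence directly above the corrected command still reads "Not that if the GUI detects that the firewall has been edited from CLI"; since this change already touches that paragraph's example, correct it to "Note that" in the same commit. The `command=` to `comment=` fix itself matches the `comment=` wording used further down in the Readme.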
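Review bot: in the hunk at @@ -108,10 +108,11, the added external forward example uses `dstports=80443-80443`, which is not a valid TCP port (the maximum is 65535), so the sample rule cannot be applied as written; use a port in range, for example 8443-8443. The new `type=`, `srcports=` and `srchost=` fields are also introduced only through the two examples: add a sentence saying which of `srcports` and `dstports` is the exposed port and which is the port inside the qube, and what `type=external` and `type=internal` select. Because the sample pairs `srchost=0.0.0.0/0` with `expire=+500000`, it would also help to state that this opens the forward to any source for the whole lifetime of the rule, so readers who copy it narrow `srchost` where they can. The context line in the hunk header still has "currenly", which can be fixed alongside.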
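Review bot: in the hunk at @@ -119,11 +120,18, the new "Proposal chart" image is linked by the absolute URL https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png even though this same commit adds assets/implementation.png to the repository; a relative link to assets/implementation.png keeps the Readme rendering in forks, mirrors and on other branches. The rule example in this hunk repeats the out-of-range value 80443-80443 and should be changed together with the CLI example. It also shows no expire value although the matching CLI example sets `expire=+500000`, so either add it or say that the example omits it because the field is optional.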