Minor fixes; added proposal chart

Giulio 2021-06-22 11:51:15 +02:00
parent a7a6f34381
commit 205a1d2fd2
2 changed files with 12 additions and 4 deletions

@ -97,7 +97,7 @@ qvm-firewall <vmname> --reload
The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI. The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.
``` ```
qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000 qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule"
``` ```
### Proposal ### Proposal
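Review bot: The context sentence directly above the changed command still reads "Not that if the GUI detects ...", which should be "Note that"; since this commit already touches the example it introduces, fix the typo here as well. It would also help to state the unit of `expire=+5000` next to the example, because the visible text never says what the number counts.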
@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is
Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this: Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:
``` ```
qvm-firewall <vmname> add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000 qvm-firewall <vmname> add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule"
qvm-firewall <vmname> add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule"
``` ```
Of course `expire=` and `comment=` are not optional fields. Of course `expire=` and `comment=` are optional fields.
``` ```
<rule> <rule>
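Review bot: `dstports=80443-80443` in the new external forward example is not a valid TCP port (the range ends at 65535), so the rule as written could never be applied; use a value in range such as `dstports=8443-8443`. The paragraph above the example still only explains why `dsthost` is dropped, while the new lines introduce `type=`, `srcports=` and `srchost=` without saying which side of the forward each one refers to; one sentence defining them, and noting that `srchost=0.0.0.0/0` admits any source, would remove the ambiguity.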
@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields.
<!-- sample syntax for port forwarding --> <!-- sample syntax for port forwarding -->
<property name="action">forward</property> <property name="action">forward</property>
<property name="proto">tcp</property> <property name="proto">tcp</property>
<property name="dstports">443</property> <property name="type">external</property>
<property name="srcports">443-443</property>
<property name="dstports">80443-80443</property>
<property name="srchost">0.0.0.0/0</property>
<property name="comment">example https server rule</property>
</properties> </properties>
</rule> </rule>
``` ```
### Proposal chart
![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png)
### Required rules ### Required rules
In `<networkvm>`: In `<networkvm>`:
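Review bot: The XML sample repeats the out-of-range `80443-80443` in `<property name="dstports">` and should be corrected together with the CLI example so the two stay consistent. Two smaller points in the same hunk: the sample only covers `type` `external` although the CLI section now also shows an internal rule, and the chart is linked through an absolute raw URL on `master` even though this commit adds `assets/implementation.png`, so a relative path would keep the image working in forks and at older revisions.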

BIN
assets/implementation.png Normal file

Binary file not shown.
