Minor fixes; added proposal chart
parent a7a6f34381
commit 205a1d2fd2
Readme.md (16 changed lines)
@ -97,7 +97,7 @@ qvm-firewall <vmname> --reload
|
|||||||
The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.
|
The following command can be used to add a rule. Not that if the GUI detects that the firewall has been edited from CLI, since it does not support all CLI settings, it will refuse to allow management again from the GUI.
|
||||||
|
|
||||||
```
|
```
|
||||||
qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 command="cloudflare http test rule" expire=+5000
|
qvm-firewall <vmname> add action=accept dsthost=1.1.1.1 proto=tcp dstports=80-80 expire=+5000 comment="cloudflare http test rule"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Proposal
|
### Proposal
|
||||||
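Review bot: the context line directly above the changed example still carries the typo "Not that if the GUI detects" and should read "Note that if the GUI detects"; since this hunk already touches that paragraph, fix it here. Changing `command=` to `comment=` is correct and now matches the `comment` property name used in the XML sample further down, but the sentence about the GUI refusing to manage a CLI-edited firewall would be more useful if it listed which CLI settings the GUI does not support, so a reader knows whether adding this example rule itself triggers that lockout.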
@ -108,10 +108,11 @@ The main issue however is the fact that currenly, the firewall client library is
|
|||||||
Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:
|
Since in the case of port forwarding the target ip address would always be the `<vmname>` IP address, users should not be asked for a `dsthost` field. Adding a forward rule could look like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
qvm-firewall <vmname> add action=forward proto=tcp dstports=443-443 command="example https server rule" expire=+500000
|
qvm-firewall <vmname> add action=forward proto=tcp type=external srcports=443-443 dstports=80443-80443 srchost=0.0.0.0/0 expire=+500000 comment="example https server rule"
|
||||||
|
qvm-firewall <vmname> add action=forward proto=tcp type=internal srcports=80-80 dstports=8000-8000 srchost=10.137.0.13 expire=+500000 comment="example internal simplehttpserver file sharing rule"
|
||||||
```
|
```
|
||||||
|
|
||||||
Of course `expire=` and `comment=` are not optional fields.
|
Of course `expire=` and `comment=` are optional fields.
|
||||||
|
|
||||||
```
|
```
|
||||||
<rule>
|
<rule>
|
||||||
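Review bot: `dstports=80443-80443` in the external forward example is outside the valid TCP port range (the maximum is 65535), so the command as written cannot be a working example; it looks like a typo for `8443-8443` or `443-443`. The `type=external` / `type=internal` and `srchost=` keywords also appear here for the first time without being described: add a sentence above the example stating which side `srcports` and `dstports` refer to for a forward rule, and for the external case make explicit that `srchost=0.0.0.0/0` allows any source on the upstream network to reach the forwarded port, since a forward rule exposes a service in the VM rather than restricting its traffic.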
@ -119,11 +120,18 @@ Of course `expire=` and `comment=` are not optional fields.
|
|||||||
<!-- sample syntax for port forwarding -->
|
<!-- sample syntax for port forwarding -->
|
||||||
<property name="action">forward</property>
|
<property name="action">forward</property>
|
||||||
<property name="proto">tcp</property>
|
<property name="proto">tcp</property>
|
||||||
<property name="dstports">443</property>
|
<property name="type">external</property>
|
||||||
|
<property name="srcports">443-443</property>
|
||||||
|
<property name="dstports">80443-80443</property>
|
||||||
|
<property name="srchost">0.0.0.0/0</property>
|
||||||
|
<property name="comment">example https server rule</property>
|
||||||
</properties>
|
</properties>
|
||||||
</rule>
|
</rule>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Proposal chart
|
||||||
|
![Implementation](https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png)
|
||||||
|
|
||||||
### Required rules
|
### Required rules
|
||||||
|
|
||||||
In `<networkvm>`:
|
In `<networkvm>`:
|
||||||
|
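Review bot: the proposal chart is embedded via the absolute URL https://git.lsd.cat/Qubes/gsoc/raw/master/assets/implementation.png even though assets/implementation.png is added in this same commit; a relative link `![Implementation](assets/implementation.png)` renders for any branch, fork or offline clone and does not depend on master. The XML sample also repeats the out-of-range `80443-80443` port from the CLI example, so the two should be brought into agreement; omitting the `expire` property here is fine given the text now states it is optional.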
BIN
assets/implementation.png
Normal file
Binary file not shown (36 KiB).