|
|
@@ -22,6 +22,12 @@ First develop and document the part related to manual port forwarding since it i
|
|
|
* https://www.qubes-os.org/doc/firewall/
|
|
|
* https://www.qubes-os.org/doc/config-files/
|
|
|
|
|
|
+### Dev Repositories
|
|
|
+ * https://git.lsd.cat/Qubes/core-admin
|
|
|
+ * https://git.lsd.cat/Qubes/core-admin-client
|
|
|
+ * https://git.lsd.cat/Qubes/core-agent-linux
|
|
|
+
|
|
|
+
|
|
|
### Main components involved
|
|
|
1. [Firewall GUI in "Settings" (qubes-manager)](https://github.com/QubesOS/qubes-manager/blob/master/qubesmanager/firewall.py)
|
|
|
2. [CLI interface available via `qvm-firewall` (core-admin-client)](https://github.com/QubesOS/qubes-core-admin-client/blob/master/qubesadmin/tools/qvm_firewall.py)
|
|
|
@@ -150,21 +156,20 @@ It is important to note that in the last case, it is just a standard case of int
|
|
|
### Implementation Roadmap
|
|
|
|
|
|
|
|
|
-
|
|
|
1. ✔️ In `core-admin-client/qubesadmin/firewall.py` firewall.py > The code
|
|
|
needs to support the new options for the rule (action=forward
|
|
|
frowardtype=<internal/external> srcports=443-443 srchosts=0.0.0.0/0
|
|
|
2. ✔️ In `core-admin/qubes/firewall.py` -> The code needs to support the same
|
|
|
options as the point above
|
|
|
- 3. 🚧 In `core-admin/qubes/vm/mix/net.py` -> The most important logic goes
|
|
|
+ 3. ✔️ In `core-admin/qubes/vm/mix/net.py` -> The most important logic goes
|
|
|
here. Here there is the need to resolve the full network chain for
|
|
|
external port forwarding. From here it is possible to add the respective
|
|
|
rules to the QubesDB of each NetVM in he chain and trigger a reload event.
|
|
|
- 4. ❌ In `core-agent-linux/qubesagent/firewall.py` -> Here goes the logic for
|
|
|
+ 4. 🚧 In `core-agent-linux/qubesagent/firewall.py` -> Here goes the logic for
|
|
|
building the correct syntax for iptables or nft and the actual execution
|
|
|
- 5. ❌ GUI\
|
|
|
-\
|
|
|
-\
|
|
|
+ 5. ❌ GUI
|
|
|
+ 6. ❌ Tests
|
|
|
+
|
|
|
|
|
|
### Required rules
|
|
|
#### External
|
