From dbb1fdca52c02f8b24b151b7714da775996b4a94 Mon Sep 17 00:00:00 2001 From: Giulio Date: Tue, 13 Jul 2021 22:32:35 +0200 Subject: [PATCH] Progress update --- Readme.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Readme.md b/Readme.md index 6189930..5854c38 100644 --- a/Readme.md +++ b/Readme.md @@ -22,6 +22,12 @@ First develop and document the part related to manual port forwarding since it i * https://www.qubes-os.org/doc/firewall/ * https://www.qubes-os.org/doc/config-files/ +### Dev Repositories + * https://git.lsd.cat/Qubes/core-admin + * https://git.lsd.cat/Qubes/core-admin-client + * https://git.lsd.cat/Qubes/core-agent-linux + + ### Main components involved 1. [Firewall GUI in "Settings" (qubes-manager)](https://github.com/QubesOS/qubes-manager/blob/master/qubesmanager/firewall.py) 2. [CLI interface available via `qvm-firewall` (core-admin-client)](https://github.com/QubesOS/qubes-core-admin-client/blob/master/qubesadmin/tools/qvm_firewall.py) 
@@ -150,21 +156,20 @@ It is important to note that in the last case, it is just a standard case of int ### Implementation Roadmap - 1. ✔️ In `core-admin-client/qubesadmin/firewall.py` firewall.py > The code needs to support the new options for the rule (action=forward frowardtype= srcports=443-443 srchosts=0.0.0.0/0 2. ✔️ In `core-admin/qubes/firewall.py` -> The code needs to support the same options as the point above - 3. 🚧 In `core-admin/qubes/vm/mix/net.py` -> The most important logic goes + 3. ✔️ In `core-admin/qubes/vm/mix/net.py` -> The most important logic goes here. Here there is the need to resolve the full network chain for external port forwarding. From here it is possible to add the respective rules to the QubesDB of each NetVM in he chain and trigger a reload event. - 4. ❌ In `core-agent-linux/qubesagent/firewall.py` -> Here goes the logic for + 4. 🚧 In `core-agent-linux/qubesagent/firewall.py` -> Here goes the logic for building the correct syntax for iptables or nft and the actual execution - 5. ❌ GUI\ -\ -\ + 5. ❌ GUI + 6. ❌ Tests + ### Required rules #### External
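Review bot: The three links added under "### Dev Repositories" in the first hunk are bare repository URLs on git.lsd.cat with no branch or commit named, while the component links directly below point at github.com/QubesOS. State which branch of each repository carries the port-forwarding work and how these repositories relate to the upstream ones, so a reader can tell which code the roadmap refers to and compare it against upstream. The hunk also adds two blank lines before "### Main components involved" where one is enough.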
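Review bot: In the roadmap hunk, item 6 adds "Tests" as ❌ in the same change that flips item 3 (`core-admin/qubes/vm/mix/net.py`) to ✔️, so the step that resolves the network chain and writes forwarding rules into the QubesDB of each NetVM is recorded as done with no test coverage. Either keep item 3 at 🚧 until tests for the chain resolution exist, or split "Tests" per component so the status of each step is explicit. While this list is being edited, the unchanged item 1 still reads "firewall.py firewall.py >" with `frowardtype=` and an unclosed parenthesis, and item 3 has "he chain"; the `frowardtype` spelling in particular should be corrected or confirmed, since it documents an option name.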