This is understandable, but traffic connected to sys-firewall and
sys-net bypass tor. On the whonix forum I was told that this is impossible) If
I translated his answer correctly.
https://forums.whonix.org/t/how-to-block-all-non-tor-traffic/9308
Basically, I figured out that sys-net needs to cut off all traffic that
doesn't come from sys-firewall, but I can't figure out what to do with
sys-firewall yet. On 2020-04-11, [email protected] wrote:
On 4/11/20 8:32 AM, hsfcyxr hsfcyxr wrote: > There’s a second computer to
access the Clinet. > How do I completely block traffic bypassing sys-whonix?
I don’t know > much English, so I couldn’t find it myself, I read qubes
and whonix > documentation. > (I marked dom0 updates via tor during
installation, prescribed “sudo > systemctl restart
qubes-whonix-torified-updates-proxy-check”, installed > everything in Qube
Manager except sys-firewall, sys-whonix, sys-net and > Tamplate VM on
sys-whonix, > Qubes global settings -> Dom0 UpdateVM -> sys-whonix
> Qubes global settings -> ClockV -> sys-whonix > Qubes global
settings -> Default netVM -> sys-whonix > Qubes global settings ->
Default template -> fedora-30 > Qubes global settings -> Default
DisposableVM Template -> fedora-30-dvm > ) > Maybe there are some
guides to setting qubes to anonymity so that the > browser can’t
recognize my time zone (so that it is different on > different AppVMs). And
how to add a different language to the keyboard, > again, so that it would
be visible only on the AppVMs I need. > > img:
qubes-os[.]org/attachment/wiki/posts/admin-api.png > *I will formulate a
more specific question, as in the diagram above, to > block all connections
to sys-net except sys-whonix->sys-firewall->sys-net.* Its best to ask
about Whonix specifics on the whonix.org forums. However, I'm pretty sure that
sys-whonix is already configured not to allow any non-Tor traffic; That is
the point of having a Tor VM in the first place, to enforce network containment
as strongly as possible. -- Chris Laprise, [email protected]
https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E
764A 73EB 4AB3 1DC4 D106 F07F 1886
------------------------------------------
This mail was sent by Confidesk AG`s secure mail service. Check it on
http://www.confidesk.com/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/E1jNMmx-0004UZ-5W%40chwww1.confidesk.com.
