From c44b8a13c9afa20cdb4cd4f8a69e45493eac7f8f Mon Sep 17 00:00:00 2001 From: clayton Date: Tue, 19 Jul 2016 20:09:06 +0800 Subject: [PATCH] Add a specific note about where to put iptables in /rw/config/ --- security/qubes-firewall.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/security/qubes-firewall.md b/security/qubes-firewall.md index 980888ad..f90ec8ae 100644 --- a/security/qubes-firewall.md +++ b/security/qubes-firewall.md @@ -315,3 +315,11 @@ fi This time testing should allow connectivity to the service as long as the service is up :-) + +Where to put firewall rules +--------------------------- + +Implicit in the above example, but worth calling attention to: for all +VMs EXCEPT proxy VMs, iptables commands should be added to the +'/rw/config/rc.local' script. For proxy VMs, iptables commands should +be added to '/rw/config/qubes_firewall_user_script'.