qubes-mirage-firewall

Remove DNS rule?

Open talex5 opened this issue 5 years ago • 3 comments

In Qubes 3, AppVMs were configured to send DNS traffic to the firewall, which redirected it to sys-net. In Qubes 4 it looks like AppVMs are configured to use 10.139.1.{1,2} as their nameservers and an iptables rule in the NAT table of sys-net redirects it. Do we still need the DNS redirection rule in mirage-firewall?

Strangely, on my system I can do DNS lookups on any IP at all and it works. e.g. nslookup www.google.com 200.123.123.123 works, even in sys-net. I don't know what is doing that.

talex5, May 03 '19 11:05

Fixed in master.

linse, May 19 '20 13:05

Which PR fixed it? I still see the code in rules.ml:

https://github.com/mirage/qubes-mirage-firewall/blob/master/rules.ml#L101

talex5, May 19 '20 13:05

Sorry, this was a miscommunication between Hannes and me and should stay open, you are correct.

linse, May 19 '20 13:05

#142 (merged as part of #149) solves this issue.

hannesm, Sep 14 '22 08:09