qubes-mirage-firewall
qubes-mirage-firewall copied to clipboard
Remove DNS rule?
In Qubes 3, AppVMs were configured to send DNS traffic to the firewall, which redirected it to sys-net. In Qubes 4 it looks like AppVMs are configured to use 10.139.1.{1,2}
as their nameservers and an iptables rule in the NAT table of sys-net redirects it. Do we still need the DNS redirection rule in mirage-firewall?
Strangely, on my system I can do DNS lookups on any IP at all and it works. e.g. nslookup www.google.com 200.123.123.123
works, even in sys-net. I don't know what is doing that.
Fixed in master.
Which PR fixed it? I still see the code in rules.ml:
https://github.com/mirage/qubes-mirage-firewall/blob/master/rules.ml#L101
Sorry, this was a miscommunication between Hannes and me and should stay open, you are correct.
#142 (merged as part of #149) solves this issue.