qubes-mirage-firewall
qubes-mirage-firewall copied to clipboard
mirage
A Mirage firewall VM for QubesOS
Qubes 4.0 (RC 4.0) Xen version 4.8.5-25.fc25 Linux 4.19.155-1.pvops.qubes.x86_64 Guest: Windows Server 2019 Std Using latest development master driver from https://xenbits.xen.org/pvdrivers/win Output from `sudo xl console -t pv ` Freezes...
Hello. Qubes 4.0 Domain mirage-firewall with netvm -> sys-net. sys-net add kernel_opts ```ipv6.disable=1``` All domain with netvm mirage-firewall fails start. And mirage-firewall infinity shutdown. (no shutdown, only kill)
From https://github.com/mirage/qubes-mirage-firewall/pull/116#issuecomment-716625681: > I've switched the base image in the Dockerfile from Alpine to Fedora, and it seems to be working now. It would be a good idea to investigate...
Does this firewall support forwarding IPv6 packets? If I spin up a browser behind it, I can't navigate to http://ip6only.me/ - but this works fine when I use the standard...
Hi @talex5 and thank you! Is there a Mirage Unikernel equivalent for VPNs?
In Qubes 3, AppVMs were configured to send DNS traffic to the firewall, which redirected it to sys-net. In Qubes 4 it looks like AppVMs are configured to use `10.139.1.{1,2}`...
When building from source on a fedora-30 VM which is using sys-whonix as a NetVM, the Docker build script continually fails at sexplib0.v0.12.0 with the error "Curl failed." It looks...
The mirage-firewall distribution includes dummy `modules.img` and `initramfs` files. These were needed on Qubes 3 for it to accept something as a kernel. On Qubes 4 (according to https://www.qubes-os.org/doc/managing-vm-kernel/): >...
Qubes 3 required us to connect to the GUI daemon in dom0 before it would consider the firewall to have started. Qubes 4 no longer requires this (see `man qvm-features`)....
Currently, we don't checksum incoming packets and we calculate the full checksum when doing NAT. This means: 1) We may fail to detect invalid incoming packets (although hopefully NetVM will...