Pierre Alain

Would you mind to give the result of `qvm-firewall AppVM list`?

Thank you for that output. These rules (set on mirage-fw in Qubes Manager but not dealt inside mirage-fw, it's up to it's netvm to filter the netflow) should be visible...

Yes I think you should be able to restrict the vpn netflow by setting rules on the mirage-fw tab in Qubes Manager. However this leads into rules being checked by...

~The rules should only be visible in the uplink VM where you add some rules (so core-net when rules are set on mirage-fw or sys-firewall, mirage-fw or sys-firewall when set...

To summarize the tests, am I right with the following? - standard Qubes, firewall rules on mirage-fw: can limit traffic to vpn only - standard Qubes, firewall rules on sys-firewall:...

Hi, I found an easy way to check firewall rules in core-net, would you mind to type: - before applying fw rules to qubes-mirage-fw - after applying fw rules to...

Sorry I forgot the command to type in core-net : `sudo nft list table qubes-firewall`.

Oh that's probably because liteqube uses the `-minimal` templates. That may (or may not) be a root cause for this issue. I'm also thinking about the vpn script (https://github.com/a-barinov/liteqube/blob/main/4.VPN/default/debian-core/etc/protect/template.core-vpn/usrlocal/bin/liteqube-vpn), please,...

Ok thanks ! Anyway this is probably not the root cause. It seems that iptables in debian stands for nft, so you still should be able to see the rules...

So I have exactly the same (classical Qubes, fedora sys-net). So there's probably a way to check into core-net the filter rules you set for mirage-fw. Sadly I didn't find...