Hi,
Sorry for that question, but I seem not to get it.
I want to block all outgoing traffic and allow it manually.
So far so good. I made rules for green clients to red network.
But the problem is the internal DoT servers: they cannot go outside.
So I made rules for them:
From red firewall with source NAT for red to the IP of the DNS with the 853 TCP port (source port something like 53625).
But it has no effect: drop_output in the log to the DNS servers.
Just to have it mentioned: Screenshots are possible within Qubes OS, however,
the files will be saved in dom0, and you will have to copy or move them to
the desired VM.
Since IPFire uses HTTPS (i.e. TCP with destination port 443) only, you could set up a
host group for all mirror servers, so you only need one firewall rule in order to permit
fetching updates.
Personally, I really like these, since they make things more straightforward.
Please refer to the documentation for further information.
Might be of use to you, happy to share a text version of the group if it helps.
This would certainly be helpful.
Perhaps we should add such a list to the Wiki to make this step easier for new users
as well. On the other hand, this needs some automation, since mirror IP addresses may
change at any time…
I tried that when creating the group but found pakfire randomly selecting a mirror so I ditched the idea of a limited mirror list and just went ahead and added them all.
@anon33261557… I must be getting “oldtimers” because I totally forgot about your reply back in September. Had I remembered I would have pointed the good folks to that topic. Thanks for pointing that out.
Maybe I’m not the only one with “oldtimers” - I’ve noticed in the forum how some questions get asked again even though they have already been answered in a previous post / topic.
My New Year’s resolution… make better use of IPFire forum archives!
In the meantime, wishing you all the very best for Xmas 2020.