IP-Fire as Firewall on QubesOS

Is it possible to change the integrated firewall in QubesOS with IP-Fire.

Thanks in advance.

IPFire is an OS itself, not an iptables firewall only.


the “firewall” in Qubes OS actually consists of a VM named sys-firewall, running Fedora by default. It is heavily customized and integrated into the Qubes OS ecosystem (qrexec et al.), which is why IPFire is neither a suitable replacement for it nor would provide additional security in this context.

Please refer to the Qubes OS documentation for further information, and/or ask at the Qubes OS project forum or mailinglist in case of more detailled questions regarding it.

You are, however, free to protect the device running Qubes OS by putting an IPFire machine in front of it. :slight_smile:

Thanks, and best regards,
Peter Müller


Hi Peter Müller,

thank you for your answer. And yes, as in the good-old time (ipcop, please don’t misunderstood, i find ipfire really,really good), as we understand that a real Firewall should not install in an Virtualisation-System.

But, as in a version < 4.x of Qubes OS i could integrate the IPFire as “my best, because more selfadministrated” Firewall-Solution in. Sorry, it is not my intention to badmouth this software, too, but i look on QubesOS as an System only as an hardened Virtualisationsystem with special features.

From the Qubes OS page

Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing

IPFire is a ‘internet gateway’ for local networks, installed on dedicated hardware ( see https://wiki.ipfire.org/what-is-ipfire ). Why do want to place it onto only one system?

Because i want an “best possible ( with self-administrated firewall-solution)” mobile Computersystem(Notebook). And yes it works with an older version ( <= 3.x QubesOS-Version).
Only for study-proposes.