100$ Bounty for cli firewall instructions. tor guard/bridge node

I have known Tor guard/bridge nodes that I am using, and I want to use the CLI firewall to prevent all traffic leaks, just in case there is ever a leak in Whonix.

sys net → sys firewall → sys vpn → mirage firewall proxy vm → sys whonix → anonwhonix

The mirage firewall proxy VM would be where the firewall rules would be set. I want to limit all traffic to solely the guard node’s IP. Instructions on how to do this will result in the 100$. Paid in crypto.

What currencies exactly?

Dear bridgeguardnode,
I think that can be done, and it can even be possible to write a dedicated patch to qubes-mirage-firewall to restrict all the traffic to your specific host IP. You’ll be able to compile the unikernel by yourself, but you’ll need to do that again for every release update of qubes-mirage-firewall.
Best.

qvm-firewall sys-whonix ... ultimately creates firewall rules inside the netvm for sys-whonix (= the mirage VM, in your case), so assuming that you only want to allow traffic to the guards at 1.2.3.4:443 and 2.3.4.5:9001:

qvm-firewall sys-whonix reset
qvm-firewall sys-whonix del accept
qvm-firewall sys-whonix add dsthost=1.2.3.4 proto=tcp dstports=443 accept
qvm-firewall sys-whonix add dsthost=2.3.4.5 proto=tcp dstports=9001 accept

Or leave out the proto=... and dstports=... arguments to allow traffic to the whole IP address.

The guards’ IP addresses and ports can be looked up at Relay Search.

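The rule sequence from the answer above, generalized to any number of guards, as an added example that is not part of the original thread. The function names (`valid_ipv4`, `valid_port`, `guard_rules`) are hypothetical, and it assumes IPv4 guards only; it prints the `qvm-firewall` commands rather than running them, so the output can be reviewed and then executed in dom0.

```shell
#!/bin/sh
# Added example (not from the thread): print, without running them, the
# qvm-firewall commands from the answer above for a list of IPv4 guards.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for a decimal port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# guard_rules QUBE GUARD...: GUARD is IP:PORT, or a bare IP to allow the whole
# address. Every argument is validated before any command is printed.
guard_rules() {
    qube=$1
    # Assumption: qube names use only letters, digits, '_', '-' and '.'.
    case "$qube" in ''|*[!A-Za-z0-9_.-]*) echo "bad qube name" >&2; return 2 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "no guards given" >&2; return 2; }
    for guard in "$@"; do
        valid_ipv4 "${guard%%:*}" || { echo "bad address: $guard" >&2; return 1; }
        case "$guard" in
            *:*) valid_port "${guard#*:}" || { echo "bad port: $guard" >&2; return 1; } ;;
        esac
    done
    echo "qvm-firewall $qube reset"
    echo "qvm-firewall $qube del accept"
    for guard in "$@"; do
        case "$guard" in
            *:*) echo "qvm-firewall $qube add dsthost=${guard%%:*} proto=tcp dstports=${guard#*:} accept" ;;
            *)   echo "qvm-firewall $qube add dsthost=$guard accept" ;;
        esac
    done
    echo "qvm-firewall $qube list"   # show the resulting rule set
}

# Constructed sample input: the placeholder guards used in the answer above.
guard_rules sys-whonix 1.2.3.4:443 2.3.4.5:9001
```

Because validation happens before the first line is printed, a mistyped guard address yields no commands at all instead of a rule set that is only partly built.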