I would like to use application-specific firewall rules in Qubes.
Since each AppVM has its purposes and each should be allowed to access only what it needs, the same goes for applications.
- I would like to block certain domains and URLs. I prefer not to trust Firefox add-ons, and other applications that need some internet access don’t have URL-based blocking/filtering abilities.
- I would like to allow specific (Port / URL-Based) “pin-hole” internet access only to applications that need it (everything else should be denied).
- I’m guessing that asking to be able to set protocol-specific rules is irrelevant because it requires the app-firewall to correctly identify the protocol based on traffic inside a (usually) encrypted session, which brings us to SSL inspection and MITM and makes it all much more complicated and resource-heavy. (…but why not dream big. So I’ll just put it here anyway)
- I would like to see a log (even be alerted?) about an application that deviated from where it’s supposed to go.
- Obviously, different rules will apply to the same applications residing inside different AppVMs.
I would love to hear your thoughts on the matter.
(I was very surprised that an application firewall feature isn’t mentioned anywhere, assuming I didn’t miss anything and am not posting all of this for nothing.)