Ask in dom0 whenever a TCP connection request is launched behind a firewall VM?

There is a dom0 user prompt solution for sudo: Passwordless root access in qubes | Qubes OS, which will ask the user from dom0 when sudo is executed in a VM.

Is there a dom0 user prompt solution for TCP - a dedicated firewall VM, so that whenever a TCP SYN is sent behind the firewall, the firewall VM will prompt the user to allow or deny the connection?

The firewall can be more helpful by using the DNS traffic when available.

Therefore, each time a VM wants to connect to the internet via TCP, it will need user approval. The user can see the protocol (tcp, udp), the peer address & port, the source address (VM name) & port, the deduced host name of the peer (provided by the firewall VM), and the hint from the VM (untrusted string, including the pid & process name that initiated the connection).


That could be an interesting project to learn Qubes ^^
A script could use stap/systemtap to monitor for activity, with generated rules based on the firewall's outgoing ones, and then send a warning via maybe the Qubes TCP or RPC protocol?
If allowed by the warning window, a new firewall rule would be created in the VM.
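Sketching the decision logic the two posts describe, as an added example that is not code from either poster or from Qubes OS: a firewall-VM-side policy that learns peer host names from DNS replies it has seen, builds the prompt from the VM name, the peer address and port, and an explicitly untrusted hint, asks the user once, and caches the answer as a rule. The event source (NFQUEUE, systemtap) and the dom0 dialog (qrexec) are replaced by constructed connection events and a scripted `prompter` callable; the `VM_BY_IP` map, the DNS reply and every address are made up for the demo.

```python
"""Simulated 'ask before connect' policy for a Qubes firewall VM.

Constructed example: the connection events, the DNS reply and the prompt
answers are all embedded here; nothing hooks nftables, systemtap or qrexec.
"""
import re
from dataclasses import dataclass

# Assumed mapping from the firewall VM's point of view: client IP -> qube name.
VM_BY_IP = {"10.137.0.5": "work", "10.137.0.9": "untrusted"}  # constructed


@dataclass(frozen=True)
class ConnRequest:
    proto: str      # "tcp" or "udp"
    src_ip: str     # address of the qube behind the firewall
    src_port: int
    dst_ip: str
    dst_port: int
    hint: str = ""  # untrusted string supplied by the VM (e.g. pid + process name)


class DnsCache:
    """Learns IP -> name from DNS replies the firewall VM has seen pass through."""

    def __init__(self):
        self._by_ip = {}

    def observe_reply(self, qname, answer_ips):
        for ip in answer_ips:
            self._by_ip[ip] = qname.rstrip(".").lower()

    def name_for(self, ip):
        return self._by_ip.get(ip)


_UNPRINTABLE = re.compile(r"[^\x20-\x7e]")

def sanitize_hint(hint, max_len=48):
    """The hint is chosen by the (possibly compromised) VM: replace non-printable
    bytes and truncate so it cannot inject terminal escapes or flood the prompt."""
    return _UNPRINTABLE.sub("?", hint)[:max_len]


class AskPolicy:
    """Prompts once per (qube, proto, peer, port) and caches the answer as a rule."""

    def __init__(self, dns, prompter):
        self.dns = dns
        self.prompter = prompter  # callable(text) -> bool; stands in for the dom0 dialog
        self.rules = {}           # (vm, proto, dst_ip, dst_port) -> allowed?
        self.prompts = []         # every prompt text shown, kept for inspection

    @staticmethod
    def rule_key(r):
        vm = VM_BY_IP.get(r.src_ip, r.src_ip)
        return (vm, r.proto, r.dst_ip, r.dst_port)

    def describe(self, r):
        vm, proto, dst_ip, dst_port = self.rule_key(r)
        host = self.dns.name_for(dst_ip) or "(no DNS answer seen)"
        return (f"{vm} ({r.src_ip}:{r.src_port}) -> {dst_ip}:{dst_port}/{proto}"
                f" host={host} hint[untrusted]={sanitize_hint(r.hint)!r}")

    def decide(self, r):
        k = self.rule_key(r)
        if k not in self.rules:           # first time this tuple is seen: ask
            text = self.describe(r)
            self.prompts.append(text)
            self.rules[k] = bool(self.prompter(text))
        return self.rules[k]              # later requests reuse the cached answer

    def allow_rules(self):
        """Cached 'allow' decisions in the shape the firewall VM would turn into
        real rules (plain text here, not a specific nft/iptables syntax)."""
        return sorted(f"allow {vm} {proto} {ip}:{port}"
                      for (vm, proto, ip, port), ok in self.rules.items() if ok)


def run_demo():
    dns = DnsCache()
    dns.observe_reply("example.com.", ["192.0.2.10"])  # constructed DNS reply
    answers = iter([True, False])                      # scripted user clicks
    policy = AskPolicy(dns, lambda text: next(answers))
    reqs = [
        ConnRequest("tcp", "10.137.0.5", 40000, "192.0.2.10", 443, "pid=1234 firefox"),
        ConnRequest("tcp", "10.137.0.5", 40001, "192.0.2.10", 443, "pid=1234 firefox"),  # cached
        ConnRequest("udp", "10.137.0.9", 51000, "192.0.2.20", 53, "pid=7\x1b[31mfake"),
    ]
    decisions = [policy.decide(r) for r in reqs]
    return decisions, policy.prompts, policy.allow_rules()


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Only two prompts are shown for three requests: the second request from `work` to the same peer and port hits the cached rule, which is the "new firewall rule would be created" step of the reply. The hint from the `untrusted` qube carries an escape sequence that is neutralised before it reaches the prompt, which is why the hint is labelled untrusted in the dialog text.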