Yes!
And then the command in 3. also changed.
Allright. In your guide step 1. has a double space between tee and /etc/.... Is this important?
No that shouldnât matter. Iâve just fixed it now.
Thanks! Itâs working now:)
One last question: Is this guide outdated: (Firewall | Qubes OS)?
It is stated there to create a file in /etc/qubes-rpc/policy/qubes.ConnectTCP rather than /etc/qubes/policy.d/30-remote-admin.policy.
Looks like itâs outdated. Calling in @adw, the maintainer of the docs.
Fantastic! 
1 Like
My overall goal is to access dom0 via vnc from the outside world. (Iâm aware of the security risks.)
I have configured a wireguard gateway into my local network and want to expose a port of my qubes desktop computer to the local network for vnc access. (so sys-net â sys-firewall â remote-admin) .
Are you aware of a good guide?
I have found this (Firewall | Qubes OS)
and this ([Contribution] qvm-expose-port ¡ Issue #4028 ¡ QubesOS/qubes-issues ¡ GitHub) but this may be also outdated.
Well, because youâre punching a hole so big in this Qubes system then maybe you could run this in sys-net rather than remote-admin and have a way easier time exposing that qube.
Yes, sure. How do I do that ie. which guide should I follow?
Just do the same thing but instead of remote-admin, replace with sys-net. And then find out how you can expose a server on sys-net if it doesnât aready.
Mind opening an issue or PR for that?
Here you go Adapt to new policy format by deeplow ¡ Pull Request #1270 ¡ QubesOS/qubes-doc ¡ GitHub, but it should be reviewed by someone in the know about policy formats as I havenât tested that.
2 Likes