I don’t know much about networking. However, based on what I do know, I would think forcing an adversary through an additional operating system would offer more protection than just one. Could adding a firewall using Fedora, a community-supported template, or perhaps something like FreeBSD or OpenBSD be good?
solene
January 2, 2024, 1:01pm
You could try with OpenBSD, following this guide explaining how to use it as a NetVM:
opened 12:29PM - 04 Sep 19 UTC
T: enhancement
C: other
security
P: default
**The problem you're addressing (if any)**
The NetVM is exposed to a wide variety of attacks, and it's the first line of defense in hostile local network environments. (e.g., there is evidence certain Middle Eastern countries have been building infrastructure to automatically attempt exploiting every device connected to public WLAN networks)
There is demand (see #4551) for running OpenBSD as a VM but efforts are stalled due to OpenBSD's lack of PV support. Since the NetVM is run in HVM mode, PV support is not necessary in this application.
**Describe the solution you'd like**
OpenBSD offers well-reviewed driver code, high code quality, innovative exploit mitigations, excellent hardware support, low resource consumption, and a much smaller attack surface than Linux. OpenBSD also offers a [much simpler](https://www.openbsd.org/faq/faq6.html#Wireless) approach to connecting to wireless networks than does Linux.
**Where is the value to a user, and who might that user be?**
Adding it as a NetVM would likely increase resistance to attackers on the local network, and increase the diversity of the system (from the current-best MirageFW+Linux to OpenBSD+MirageFW+Linux).
**Related, [non-duplicate](https://www.qubes-os.org/doc/reporting-bugs/#new-issues-should-not-be-duplicates-of-existing-issues) issues**
https://github.com/QubesOS/qubes-issues/issues/4551