Well, for those who don't know: Qubes OS uses a firewall to manage traffic from, to and through it. That firewall is called 'nftables', which governs the rules based on which connections over the internet are made and accepted or rejected. Now, making those rules is the difficult part for noobs like me. You need an understanding of networking and all. So, for non-tech users to be able to utilize their firewall, users with knowledge can share predefined nftables templates and in a few words describe what they do. Or, say, if someone is willing to help and somebody posts a request for particular firewall rules in this thread, they may help with a custom ruleset. Another thing that could be done is to paste your own ruleset with a brief description for others to use. What do y'all say?
What do you want to do? There are few reasons to manipulate nftables in Qubes OS.
Can you please elaborate on what those reasons are? If those reasons help with security, or with ease of use with security, then why not?
To be able to use the firewall as it is intended to be used, and not only rely on the generic default firewall rulesets that come by default with Qubes OS.
Qubes OS blocks all incoming traffic, so it is already secure.
Filtering outgoing traffic from a qube should be done using qvm-firewall in dom0 or the Firewall tab in the qube's settings. These rules are applied on the qube's netvm, so they can't be altered by the qube itself.
Reasons I can think of that require fiddling with the firewall:
- killswitch for a VPN (but it is better to handle it with qvm-firewall as it does not depend on the qube itself)
- fixing MTU problems with VPNs
- doing NAT to redirect traffic from a qube to another
- open ports to allow two qubes to communicate directly with each other
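An added example, not code from any post in this thread, of the first item done the way the reply recommends: a VPN killswitch set with qvm-firewall from dom0, so the rules live in the netvm rather than in the qube. The qube name sys-vpn, the endpoint 198.51.100.7 and UDP port 1194 are placeholders; it assumes a freshly reset ruleset holds one catch-all accept at rule 0, with drop applying after the last rule.

```shell
#!/bin/sh
# Added example (not from the thread): VPN killswitch via qvm-firewall in dom0.
# Placeholders: qube "sys-vpn", endpoint 198.51.100.7 (TEST-NET-2), udp/1194.
# Assumption: after "qvm-firewall QUBE reset" there is a single catch-all accept
# at rule 0, and traffic matching no rule falls through to the drop policy.

# Return 0 if PROTO is tcp or udp and PORT is an integer in 1..65535, else 1.
valid_endpoint() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# Print the dom0 commands that restrict QUBE's egress to ENDPOINT PORT/PROTO.
# Order matters: insert the allow rule before the catch-all, then delete the
# catch-all (now rule 1) so everything else hits the drop policy.
render_killswitch() {
    qube=$1; endpoint=$2; proto=$3; port=$4
    valid_endpoint "$proto" "$port" || return 1
    printf 'qvm-firewall %s reset\n' "$qube"
    printf 'qvm-firewall %s add --before 0 action=accept dsthost=%s proto=%s dstports=%s\n' \
        "$qube" "$endpoint" "$proto" "$port"
    printf 'qvm-firewall %s del --rule-no 1\n' "$qube"
}

# Run the rendered commands one by one, then list the ruleset for review.
apply_killswitch() {
    render_killswitch "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || exit 1
    done && qvm-firewall "$1" list
}

# Example invocation (uncomment and run in dom0):
# apply_killswitch sys-vpn 198.51.100.7 udp 1194
```

If the endpoint is given as a hostname instead of an address, DNS also has to be allowed (qvm-firewall's specialtarget=dns rule), otherwise the qube cannot resolve it.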