Firewall "all DNS requests and ICMP (pings) will be allowed"

Configuration is to allow TCP and UDP port 53 to * and I still cannot do any DNS lookups.
Ping 1.1.1.1 returns Packet Filtered.

Can only access DNS and Ping from the appVM if I select the Allow all outgoing Internet connections radio button.

Neither sys-net nor sys-firewall has any references to port 53 in their iptables -L output. It seems that the rules from the GUI might not be making it into the config?

Docs say “Rules are implemented on the netvm.” But running iptables -L in the netvm doesn’t show the rules I created in the GUI (either in sys-net or sys-firewall).

sudo journalctl -u qubes-firewall.service

Sep 29 12:26:08 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:27:48 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:39:31 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:40:00 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:41:02 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:42:07 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:42:08 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:42:47 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:42:55 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:47:07 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:47:08 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:47:08 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:47:10 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:47:13 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:50:23 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:53:21 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:53:53 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>

Why do you want to delete this topic? Share the solution to help others.

1 Like

I agree with @ppc here… Forums represent a knowledge base. Even if you feel it was some elementary mistake - someone else may be in that exact situation in future and rely on your post to help them. The forum has a stance on post deletion and getting around this by editing posts to things like “please delete” and a totally useless “solved” solution is not helpful to other users who may encounter the same issue.

1 Like

I have now reverted the post edits so the solution can be useful for others. @bowtiediguana, if you do not wish to have your questions and solutions public, please don’t post them on a public forum.

Otherwise this would be a private consultation platform, which it clearly isn’t. Anyways, I hope you understand our reasons. If you wish, we can anonymise your account (see How can I delete my forum account?) but I don’t really see the point. Also you’re posting from a nickname, not your real name.

Furthermore, there is no such thing as a wrong question here. The only wrong questions are the ones that don’t get asked.

2 Likes

Thanks mods, you’re right, I didn’t think this through! Thought I’d made a schoolboy error and didn’t want to take people’s time investigating, but actually there is something here:

If you enter a hostname (not IP address) into the Qubes Firewall configuration GUI AND the host does not resolve (either typo or your DNS is down at the exact time you hit apply) it fails, silently (unless you count the log in sys-firewall) AND blocks all traffic from the affected appVM.

Should be a pop up box in the Dom0 dialog which just got applied reporting the failure?

2 Likes
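
One way to surface the silent failure described in the last post, as an added example that is not part of the original thread or of Qubes itself: a shell function that summarises the "Failed to parse rules for" entries from the qubes-firewall journal per qube IP, so a qube whose rules were rejected stands out. The function names and the 10.137.0.99 and systemd sample lines are constructed for illustration; the other sample lines follow the log shown above.

```shell
#!/bin/sh
# Added example: summarise qubes-firewall rule-parse failures per qube IP.
# Reads journal lines on stdin. In sys-firewall, feed it with:
#   sudo journalctl -u qubes-firewall.service --no-pager | summarise_parse_failures

summarise_parse_failures() {
    awk '
    /qubes-firewall\[[0-9]+\]: Failed to parse rules for / {
        ts = $1 " " $2 " " $3              # syslog-style timestamp
        ip = ""
        # The address is the field right after "rules for"; the rest of the
        # message may be cut off (trailing ">"), so do not rely on it.
        for (i = 1; i <= NF - 1; i++)
            if ($i == "rules" && $(i + 1) == "for") { ip = $(i + 2); break }
        if (ip == "") next
        if (!(ip in count)) { first[ip] = ts; order[++n] = ip }
        count[ip]++
        last[ip] = ts
    }
    END {
        # One line per affected qube, in order of first appearance.
        for (k = 1; k <= n; k++) {
            ip = order[k]
            printf "%s failures=%d first=\"%s\" last=\"%s\"\n",
                   ip, count[ip], first[ip], last[ip]
        }
    }'
}

# Constructed sample input (two lines as in the thread, two made up).
sample_journal() {
    cat <<'EOF'
Sep 29 12:26:08 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:27:48 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.38 (Failed to resol>
Sep 29 12:30:00 sys-firewall qubes-firewall[520]: Failed to parse rules for 10.137.0.99 (Failed to resol>
Sep 29 12:31:00 sys-firewall systemd[1]: Started some unrelated unit.
EOF
}

sample_journal | summarise_parse_failures
```

Any address listed belongs to a qube whose firewall rules did not load; per the post above, that qube's traffic is blocked until the unresolvable hostname in its rules is corrected or replaced with an IP address.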