Currently I am whitelistening some Google services using a script like this, which works fine:
qvm-firewall $fw_qube add accept proto=tcp dstports=443 dsthost=“accounts.google.com”
qvm-firewall $fw_qube add accept proto=tcp dstports=443 dsthost=“calendar.google.com”
Now Google urges me to whitelist entries like “*.clients[N].google.com:443/HTTPS”, where [N] means any single decimal digit and * means any string not containing a period.
Is there some way to implement such a rule to my script?
You could try with
pattern matching (aka regular expression aka regex).
Also note, from https://www.qubes-os.org/doc/firewall/#network-service-qubes:
In particular, if you want to ensure proper functioning of the Qubes firewall, you should not tinker with iptables or nftables rules in such qubes (a qube that is used to run the Qubes firewall service (usually sys-firewall))
Some starting point.
spoiler: the algo seems to not be
Thank you for the answer, this does help a little bit. Seems like qvm-firewall has its limits.