Firewall rules need to be regularly reapplied

Hi folks,

I have a qube that I use for checking email with a client. I have the firewall rules for that qube set to only allow connections to the mail servers I interact with, and only on the ports relevant for mail.

I’m noticing that the rules get lost. For example, quite often when I hit send on an email, I get a “no route to host” error that is solved by going into the firewall settings and clicking Apply. I find myself doing this enough times in the day that I generally just leave the window open.

Is this an intended behavior? Is there something I can do to make the firewall rules for this qube more sticky?

hi

could you share which version of Qubes OS you are using, and which template?

from https://www.qubes-os.org/doc/firewall/#how-to-edit-rules

Note that if you specify a rule by DNS name it will be resolved to IP(s) at the moment of applying the rules, and not on the fly for each new connection. This means it will not work for servers using load balancing, and traffic to complex web sites which draw from many servers will be difficult to control.

You may be interested in this thread:

Woops forgot that important info…

This is Qubes 4.1.2, and the template in question is debian-11.


Thanks @szz9pza, it does indeed seem like the issue I’m hitting is the one mentioned in the Note you posted regarding DNS and load balancing. I think that makes this expected behavior, even if not necessarily intended.

I will have to read the thread you reference when I have a bit more time to think about this.

yeah it is, tried that myself a few years back with gmail and failed, might give rooftops proxy idea a go though, thanks for the link
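The behaviour described in the documentation note quoted above, as an added example that is not part of the thread or of Qubes OS: a rule given by DNS name is pinned to the IPs returned at Apply time, so this sketch re-resolves each name and reports where the pinned set and the current DNS answer have drifted apart. The function names, host names and addresses are constructed for illustration, and the pinned sets are assumed to have been recorded when the rules were applied.

```python
import socket

def resolve_ipv4(host, port):
    """Return the IPv4 addresses DNS currently gives for host."""
    infos = socket.getaddrinfo(host, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def rule_drift(pinned, resolver=resolve_ipv4):
    """Compare IPs pinned at Apply time with what DNS returns now.

    pinned maps (host, port) to the set of IPs the rule was resolved to.
    Only entries that drifted are returned.
    """
    report = {}
    for (host, port), allowed in pinned.items():
        current = resolver(host, port)
        # DNS now hands these out, but the rule does not allow them:
        # connecting to one is dropped ("no route to host" in the client).
        blocked = current - allowed
        # Still allowed by the rule, but no longer served under this name:
        # an allow entry that has outlived its reason.
        stale = allowed - current
        if blocked or stale:
            report[(host, port)] = {"blocked": sorted(blocked),
                                    "stale": sorted(stale)}
    return report

# Constructed sample data (documentation-range addresses, example.org names).
PINNED = {
    ("smtp.example.org", 587): {"192.0.2.10"},
    ("imap.example.org", 993): {"192.0.2.20"},
}
LATER_DNS = {
    "smtp.example.org": {"192.0.2.11", "192.0.2.12"},  # load balancer rotated
    "imap.example.org": {"192.0.2.20"},                # unchanged
}

def fake_resolver(host, port):
    """Offline stand-in for DNS so the example runs without a network."""
    return LATER_DNS[host]

if __name__ == "__main__":
    for (host, port), diff in rule_drift(PINNED, fake_resolver).items():
        print(f"{host}:{port} blocked={diff['blocked']} stale={diff['stale']}")
```

With the default resolver the same function can be run inside the mail qube against real host names; a non-empty report means the rules need to be applied again.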