Qubes OS is using random MAC address for WiFi and persistent MAC address for Ethernet connections by default.
Although the MAC address is not the only metadata broadcast by network hardware, changing your hardware’s default MAC Address could be an important step in protecting privacy .
Qubes OS 4.1 and later already anonymize all Wi-Fi MAC addresses by default - they change during every Wifi session. So there is no need to apply any of the instructions below if you’re only interested in Wi-Fi connections. Users requiring Ethernet MAC address anonymization may want to read on.
chrysstyann1:
Another very odd situation happens with sys-firewall. I restarted it several time and I was checking nftables when I discovered that sometimes the following rules appear wrong even though I didn’t change anything.
chain custom-forward {
iif 2 ip daddr 10.137.0.18 tcp dport 8989 ct state established,related,new counter packets 0 bytes 0 accept
}
chain custom-dnat-droppy {
type nat hook prerouting priority filter + 1; policy accept;
iif 2 tcp dport 8989 ct state established,related,new counter packets 0 bytes 0 dnat to 10.137.0.18
}
Note the iif 2 instead on iif == “eth0”
With iif 2 all the config doesn’t work. I need to add new rules with iif == “eth0” . But I don’t understand why and what changes that value. If I put it in /rw/config/qubes-firewall-user-script why it doesn’t keep it like that?
I don’t know what could change iif == "eth0" to iif 2.iifgroup 1 instead of iif == "eth0".