Note that if you only configured your firewall rules using GUI then ICMP and DNS are not blocked by default as noted at the bottom of the Firewall rules tab. You need to use qvm-firewall in dom0 terminal to block ICMP and DNS.
Thanks, can you tell me which command to enter to block dns?
You need to do this in dom0 terminal, for example for sys-vpn qube:
Remove ICMP accept rule:
qvm-firewall sys-vpn del proto=icmp accept
Remove DNS accept rule:
qvm-firewall sys-vpn del specialtarget=dns accept
Check current sys-vpn firewall rules:
qvm-firewall sys-vpn
Also note that if you block DNS for your sys-vpn then you won’t be able connect to your VPN in sys-vpn if it’s using domain to connect. You’ll only be able to connect using IP addresses.
I also want to block ICMP but
qvm-firewall sys-net del proto=icmp accept
(or sys-firewall)
returns with
x not in list
reset Disable ping
also does nothing.
This seems to work.
What else to block and stop probing?