Networking cli questions

User Support
1
  • I’m confused about the CLI syntax and its basis.

  1. What is the correct syntax for qvm-firewall? Is this the official documentation?
    qvm-firewall – Manage VM outbound firewall — Qubes Admin client v4.3.25-0-ga5ea121 documentation

  2. I tried qvm-firewall vmname add drop icmp to block ping, but it didn’t work. What’s wrong with that command?

  3. I ran qvm-firewall vmname reset before checking the default rules with list. How do I restore the original defaults (with DNS and ping allowed)? What should the default rule list look like so I know it’s back to normal?

2

Yes

Well, you found the documentation, right? It’s not 100% clear, but it’s stating clearly the command structure. Long story short, correct command is:
qvm-firewall vmname add --before=0 drop proto=icmp
Note that “–before=0” is needed in order to process this rule before other (allow) rules.

“0 accept - - - - - - -”