ddevz
September 7, 2021, 4:28pm
8
Note this is actually difficult in Qubes due to everyone using CDNs with many IP addresses nowadays. (If you’d like to discuss this topic, please post in one of the following threads.)
One example of the problem:
I want to set firewall rules that only allow updating Windows 10.
Currently, the rules limit outgoing internet connections to:
dl.delivery.mp.microsoft.com
download.microsoft.com
update.microsoft.com
windowsupdate.microsoft.com
windowsupdate.com
wustat.windows.com
ntservicepack.microsoft.com
go.microsoft.com
download.windowsupdate.com
This is my approximation of the official list (Step 2 - Configure WSUS | Microsoft Docs).
But Windows Update would start, then immediately stop and say it can’t…
One proposed solution:
A common requirement seems to be the ability to restrict a qube’s access to a certain subset of websites; something that is difficult to achieve using the firewall rules due to multi-hosted websites, CDNs, etc.
The following is a description of one way to set up a qube with restricted website access using only software that is already installed in Qubes OS.
Create a qube based on template:fedora-32 or fedora-33, let’s call it my-proxy. Set its networking to sys-firewall.
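The difference between the two approaches quoted above, as an added example that is not part of the original post or of Qubes OS: an IP rule pinned when the rule was loaded covers only part of a CDN's later answers, while a name-based check of the kind a filtering proxy applies does not depend on addresses. The DNS answers are constructed sample data, the function names are hypothetical, and treating each list entry as also covering its subdomains is an assumption of this example.

```python
import ipaddress

# Hostnames taken from the rule list in the post.
ALLOWED_HOSTS = [
    "dl.delivery.mp.microsoft.com", "download.microsoft.com",
    "update.microsoft.com", "windowsupdate.microsoft.com",
    "windowsupdate.com", "wustat.windows.com",
    "ntservicepack.microsoft.com", "go.microsoft.com",
    "download.windowsupdate.com",
]

# Constructed DNS answers (RFC 5737 documentation ranges): the same
# CDN-hosted name returns a different address set on a later lookup.
DNS_AT_RULE_LOAD = {"download.windowsupdate.com": ["192.0.2.10", "192.0.2.11"]}
DNS_AT_CONNECT = {"download.windowsupdate.com":
                  ["198.51.100.7", "192.0.2.11", "203.0.113.5"]}

def normalize(host):
    """Lower-case, drop an optional :port and the trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:
        host = host.split(":")[0]
    return host.rstrip(".")

def host_allowed(host, allowed=ALLOWED_HOSTS):
    """Name-based check, as a filtering proxy applies to the requested host."""
    host = normalize(host)
    try:
        ipaddress.ip_address(host)
        return False  # a literal IP would sidestep the name list: reject
    except ValueError:
        pass
    # Match the entry itself or a subdomain, only on a label boundary.
    return any(host == a or host.endswith("." + a) for a in allowed)

def ip_rule_hit_rate(name):
    """Fraction of connect-time addresses covered by IPs pinned at rule load."""
    pinned = set(DNS_AT_RULE_LOAD[name])
    current = DNS_AT_CONNECT[name]
    return sum(ip in pinned for ip in current) / len(current)

if __name__ == "__main__":
    print("IP rule coverage:", ip_rule_hit_rate("download.windowsupdate.com"))
    for h in ["Download.WindowsUpdate.com:443", "au.download.windowsupdate.com",
              "notwindowsupdate.com", "windowsupdate.com.example.net", "192.0.2.10"]:
        print(h, host_allowed(h))
```

The label-boundary match is what keeps look-alike names such as `notwindowsupdate.com` out of the allowlist.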