I tried doing this without the cloudflare and when I go to the web interface nothing is logged.
when I ran the script I got errors:
$ ./qubes-ip-change-hook
./qubes-ip-change-hook: line 4: iptables: command not found
./qubes-ip-change-hook: line 7: iptables: command not found
./qubes-ip-change-hook: line 11: iptables: command not found
./qubes-ip-change-hook: line 16: /proc/sys/net/ipv4/conf/default/route_localnet: Permission denied
I tried to install iptables and it didn’t make it any better:
$ ./qubes-ip-change-hook
./qubes-ip-change-hook: line 4: iptables: command not found
./qubes-ip-change-hook: line 7: iptables: command not found
./qubes-ip-change-hook: line 11: iptables: command not found
./qubes-ip-change-hook: line 16: /proc/sys/net/ipv4/conf/default/route_localnet: Permission denied
$ sudo bash ./qubes-ip-change-hook
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
What did I do wrong?
You used a script for 4.1 in Qubes 4.2
4.2 has moved wholly to nftables, so those iptables rules wont fly -
just installing it wont work because the table/chains are completely
different than those referenced in the script. (If it’s genuine
iptables, and not the “nftables disguised as iptables”, then you will
have to account for complex interactions between this and nftables - in
general its best not to do this at all.)
I havent looked at the script bit it shouldn’t be difficult to rewrite it
for the firewall structures in 4.2 and use of nftables.
oh i should have known that
but didn’t