SIMPLE AFTER INSTALL CONSIDERATIONS…
Network MAC Address Randomization:
WiFi MAC addresses are already randomized in 4.2.4, so there is nothing to do there.
However, if you are obliged to use Ethernet, here is a very easy out-of-the-box step.
Unless your mouse or track-pad is precocious!
And while you are there - consider disabling IPv6!
ohh well
Tell me you have never used a Linux based desktop before, but you are keen to have your Ethernet MAC randomised as the first step!?
You should start with this guide anyway:
Where the User interface is described - which is a standard XFCE desktop…
In the system tray: the only icon not mentioned is the Network Manager from your sys-net.
(And it is not mentioned because it is not Qubes specific)
after the sound and before the Whonix icons:
[image]
If that’s mis…
Onionize Your Updates before you start updating:
5min DNS BLOCKER - UNLESS you don’t know what you are doing!
Hello everybody,
Sorry for not answering earlier. I made another script and tested it on a fresh installation of Qubes 4.2. The script creates two VMs: one for data and one for DNS. You just need to run it, and the script will ask you to name the VMs. Then it will do all the work.
#!/bin/bash
# Configuration
BASE_CLONED_TEMPLATE="d12m-datagate"
DATAKEEPER=$1
GATEKEEPER=$1
DATAKEEPER_IP=$1
GATEKEEPER_IP=$1
TEMPNET=$1
MINIMAL_TEMPLATE="debian-12-minimal"
LOG_FILE="/var/log/qubes-blocky-install…
Browser considerations:
I’ve known about this ever since I installed my own DNS qube a while ago, but now I just gotta ask… why the hell is Firefox allowed to be the default browser on a privacy/security OS when every time I launch it it wants to call all of its friends back home? Literally all of them, even its grandma.
Sample roster of domains Firefox (at least the one in the Fedora templates) likes to call on every launch:
contile.services.mozilla.com
detectportal.firefox.com
push.services.mozilla.com
content-sig…
Install appropriate alternatives for your threat model.
Consider installing LibreWolf or Mullvad, or of course using Tor Browser, if you need a browser on hand before starting or after you have finished configuring your templates. Alternatively:
And of course, if you need a VPN (FREE OR PAID)
You could start here:
Good news, with fedora-38 the network manager supports Wireguard out of the box!
The only thing required are extra firewall rules in the VPN qube, as explained in the community documentation about VPN.
What you’ll need
This guide assumes you are using a VPN service that has wireguard support, most of them do, but you can also add your own if you have a server.
ProtonVPN has a free plan, it has limits but gives you a fully working VPN and they support WireGuard. This pro…
And If it is all too hard?
EASY (FREE AND NOT FREE) VPN / Tor-VPN / Hardware Tor - VPN:
I’ve cloned default pristine fedora template to tmpl-protonvpn-fc42.
In that template I’ve installed ProtonVPN-app GUI.
On base of that template I’ve made sys-vpn-tmpl - for ease of creation.
Then I’ve cloned sys-vpn-tmpl to:
sys-vpn-crypto
sys-vpn-forums
sys-vpn-shopping
sys-vpn-torrent
sys-vpn-untrusted
sys-vpn-youtube
I’ve run proton in each of those sys qubes to login and configure. Some vpn’s have same exit country as mine, some have not.
Then I use (if you set particular sys vpn as N…
Well… That all depends.
If you trust this guy as much as I do:
then it's pretty much plug and play for the price of an RPi, and 90 bucks a year.
Of course you don’t actually need the RPi, but that’s what makes it easy!
NOTE
The hardware option will inevitably force your entire machine (All Qubes) through the same VPN tunnel:
Qube/S > With or without Tor > Hardware VPN > Outside world
Theoretically…
If that is not to your liking, and IF it is possible in Qubes for you to configure Ethern…