I think Qubes should have a Firewall-manager.
It should be a GUI tool to configure firewall rules for all qubes like connection to IPs, DNS, ICMP, Ports etc.
It should be able to manage port-forwarding, blocking connections to websites, allow connections to limited servers and websites.
It should have some method to alert users about mis-configurations or just deny that.
It should be able to handle fail-close mechanisms for VPN etc.
It should be able to handle SOCKS and HTTP proxies.

Current qubes-settings and qubes-manager are incompetent in this area (AFAIK about this). For eg. we can only manage restrictions for IP settings from settings of individual qube. For DNS and ICMP, you need qvm-firewall. Same goes for Qubes-Manager (contains no such features)
What is your opinions about it.


You may be interested in this discussion:

I have used http proxy setup some time back for restrictions. But It could be great to see a GUI tool for managing firewalls of every qube. Maybe this is more kind of Qubes-devel discussion and feature request.

This could also be great for community contribution.

I agree with @wobo 's request. While the solution described here works, it requires gymnastics to identify and add websites that should be whitelisted, and I failed to get it to work for my email in Thunderbird.

Also, I never figured out how to get the Qubes Settings Firewall rules to work.


3 posts were merged into an existing topic: Qube Settings Firewall rules do not work

Move the topics to an separate thread as it was a bit off-topic from this one.