I’m working on a proxy-related project (I’ll post here if it works and I deem it valuable enough to share! I don’t think it will be, however) and I’ve run into an issue.
I’ve got everything working on the qube’s network itself. But, when a new qube connects, it gets its own device, complete with its own eth0 connection. From my testing, no http traffic touches iptables?
Ideally, either my iptables rules will apply to all devices (which it doesn’t seem to do)
I’m not an iptables god, but I presume it usually goes on SQL logic, with reducing scope. You’ll notice no device was specified, so shouldn’t it apply to all devices?
I am logging every chain, and sometimes the qube will touch it, but certainly not when new https connections are established…
Have you looked at the nftables rules? The default rules were migrated there away from iptables iirc, and it looks like it’s not the same underlying data and I don’t know what happens when both are active.
sudo iptables-save is empty on one of my qubes, while sudo nft list ruleset gives a lot of output.
They look very similar but I’m not nearly as familiar with nftables commands and can’t give you equivalents for what you’ve written, but this might be enough to see if your traffic’s being caught by an nft rule before it gets to iptables.
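The reply above suggests checking whether an nftables chain handles the traffic before iptables sees it. As an added example (not posted by either participant, and not Qubes' own ruleset), here is a POSIX shell script that parses the text of `nft list ruleset`, lists every base chain with its hook and priority, and reports which chains at a given hook run before a given priority. In netfilter, chains at the same hook run in ascending priority order, and a packet dropped by an earlier chain never reaches a later one; legacy iptables registers its filter chains at priority 0 (mangle at -150, nat prerouting at -100), so an nftables chain at a lower priority on the same hook sees the packet first. The embedded ruleset is a constructed sample for offline testing; on a real qube, feed the functions the output of `sudo nft list ruleset` instead.

```shell
#!/bin/sh
# Added example: inspect `nft list ruleset` text for base chains and their
# ordering relative to a reference priority (e.g. 0 for iptables filter chains).

# Constructed sample in `nft list ruleset` syntax. Not a real qube's ruleset;
# the table/chain names are invented for this example.
SAMPLE_RULESET='table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy accept;
	}
}
table inet custom {
	chain forward {
		type filter hook forward priority -10; policy drop;
		ct state established,related accept
		log prefix "custom-forward: " drop
	}
	chain helper {
		tcp dport 443 accept
	}
}
table ip nat {
	chain prerouting {
		type nat hook prerouting priority dstnat; policy accept;
	}
}'

# Print "family table chain hook priority" for every base chain, i.e. a chain
# with a `type ... hook ...` line. Regular chains without a hook are skipped.
list_base_chains() {
    printf '%s\n' "$1" | awk '
        /^table /        { family = $2; table = $3 }
        /^[ \t]*chain /  { chain = $2 }
        /^[ \t]*type .* hook / {
            for (i = 1; i <= NF; i++) {
                if ($i == "hook") hook = $(i + 1)
                if ($i == "priority") { prio = $(i + 1); sub(/;$/, "", prio) }
            }
            print family, table, chain, hook, prio
        }'
}

# Resolve the standard nftables named priorities to numbers; numeric input
# is returned unchanged.
priority_value() {
    case "$1" in
        raw)      echo -300 ;;
        mangle)   echo -150 ;;
        dstnat)   echo -100 ;;
        filter)   echo 0 ;;
        security) echo 50 ;;
        srcnat)   echo 100 ;;
        *)        echo "$1" ;;
    esac
}

# earlier_chains RULESET HOOK PRIORITY
# Print "family table chain" for base chains on HOOK whose priority is lower
# than PRIORITY, i.e. chains that process a packet before a chain at PRIORITY.
earlier_chains() {
    list_base_chains "$1" | while read -r family table chain hook prio; do
        [ "$hook" = "$2" ] || continue
        if [ "$(priority_value "$prio")" -lt "$(priority_value "$3")" ]; then
            echo "$family $table $chain"
        fi
    done
}

# Usage: which nftables chains see forwarded packets before an iptables
# FORWARD chain (filter hook, priority 0) would?
echo "Base chains:"
list_base_chains "$SAMPLE_RULESET"
echo "Chains ahead of iptables filter on the forward hook:"
earlier_chains "$SAMPLE_RULESET" forward 0
```

With the sample ruleset, the last call reports `inet custom forward`, whose `policy drop` and `log ... drop` rule explain why a packet could be logged and dropped there without ever reaching an iptables FORWARD chain. Note that an `accept` verdict in an earlier chain does not skip later hooks, so only drops or rejects hide traffic from iptables this way.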