I would like to understand the Qubes services internal with the example of qubes-iptables and qubes-firewall that are enabled in a proxyVM.
I understood this is linked to the systemd behaviour, but struggle to go a bit deeper.
First thing: as there is no qubes-firewall and qubes-iptables files in the /var/lib/qubes-services, I understand I cannot manipulate theses service with the qvm-service cmdline. However, I also noticed that there is a ‘cups’ file in this directory, but qvm-service -l PROXYVM does return an empty line. I would have expected that all files in /var/lib/qubes-services would return onea dedicated line to this command, but this is not the case. Am I missing something here?
Then, going back to my two services qubes-iptables and qubes-firewall: what are the exact execution steps that are followed to execute in the end these two services in the proxyVM?
Let’s say I want to disable them from the associated template VM, what would be the good way?