sys-firewall - limit traffic to * on TCP port 443.
I tried to ping google from the sys-net and sys-firewall terminals.
From sys-net, domain+ip went through; from sys-firewall, only ip.
* ping uses ICMP which the firewall will always let through unless you use qvm-firewall
* DNS queries are routed by Qubes OS to the netvm, which is in your case sys-firewall
* once you allow UDP port 53 in the firewall settings in sys-firewall, DNS should work
Updates are also not working.
Well, they need DNS. ... and also Fedora will try to contact some HTTP URLs
If you don't want to allow HTTP in sys-firewall, you can
1. clone it to sys-update
2. set sys-update as updatevm and in the policy for updates
3. allow HTTP for sys-update
4. set "provides networking" to false for sys-update
That means sys-update will be used as update proxy but no other qube can use it as network (netvm).
According to the doc, you don't need to do that.
Firewall policy which I see with qvm-firewall sys-firewall:
0. tcp 443
1. dns
2. icmp
3. drop
I still can't solve the problem.
sys-firewall - limit traffic to * on TCP port 443.
I tried to ping google from the sys-net and sys-firewall terminals.
From sys-net, domain+ip went through; from sys-firewall, only ip.
Don't set firewall rules directly on sys-firewall. Set them instead on the AppVMs that connect through sys-firewall.
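
The last reply's advice, as an added example that is not part of the original thread: a dom0 script that prints (or, with `APPLY=1`, runs) the `qvm-firewall` commands giving one AppVM the policy listed earlier (TCP 443, DNS, ICMP, then drop). The qube name `work`, the function names and the `APPLY` switch are assumptions of the example.

```shell
#!/bin/sh
# Added example, run in dom0. "work" is a hypothetical AppVM name.

# Print the qvm-firewall commands for one AppVM behind sys-firewall.
appvm_rules() {
    qube="$1"
    case "$qube" in
        ''|sys-firewall|*[!A-Za-z0-9_.-]*)
            # Rules belong on the AppVM, not on sys-firewall itself;
            # also reject names that are unsafe to pass to a shell.
            echo "refusing qube name '$qube'" >&2
            return 1 ;;
    esac
    # reset restores the default single accept-all rule (index 0);
    # that rule is removed before the restrictive set is added in order.
    cat <<EOF
qvm-firewall $qube reset
qvm-firewall $qube del --rule-no 0
qvm-firewall $qube add action=accept proto=tcp dstports=443
qvm-firewall $qube add action=accept specialtarget=dns
qvm-firewall $qube add action=accept proto=icmp
qvm-firewall $qube add action=drop
qvm-firewall $qube list
EOF
}

# Dry run by default: print the commands for review.
# With APPLY=1 they are executed, stopping at the first failure.
apply_rules() {
    cmds=$(appvm_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

# Usage: ./appvm-firewall.sh work        (dry run)
#        APPLY=1 ./appvm-firewall.sh work
if [ $# -gt 0 ]; then
    apply_rules "$1"
fi
```

The final `list` command shows the resulting rule table so the order (accept rules first, `drop` last) can be checked on the AppVM rather than on sys-firewall.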