Would you let my Qube, which is supposed to connect to only one IP address on
the internet, be based on an extra firewall-vm? Would that more secure?
You could do this: it would have one particular advantage, in that you
could set custom rules in sys-net to restrict access from that
sys-firewall to the specified IP address.
Do you have an example of the command line commands you use to set such custom rules in an ordinary debian or fedora sys-net?
In the Qube settings for the services there is the service
"disable-default-route". I have not found anything about what it does. In my
case, would it be better to leave it on or turn it off?
man qvm-service - this service will remove the default gateway entry. So
a qube would be able to access immediate neighbours but not step beyond.
It's not what you want here.
What are the immediate neighbors of a qube?
Can both a qube using the default route and a qube with the disable-default-route service turned on access its immediate neighbors, or only a qube with the disable-default-route service turned on?
In what situation is it useful for a qube to be able to access its immediate neighbors?
All the best