Dear Qubes community,
i am interested in your ideas on how you would set up a Qube as secure as possible to connect to a single ordinary internet site (not a VPN network) accessed directly via its IP address.
My ideas are:
1) Edit the Qube's firewall via dom0 as follows:
$dom0: qvm-firewall NAME-OF-QUBE del --rule-no 0
$dom0: qvm-firewall NAME-OF-QUBE add --before 0 drop
$dom0: qvm-firewall NAME-OF-QUBE add --before 0 accept 127.127.127.127/32 proto=tcp 443
2) Go into the dom0-Qube settings and turn on the disable-dns-server service.
With these two settings, there should really be no DNS traffic anymore, right?
What else would you do?