Is there a way to disable clearnet traffic of Qubes OS? I already searched for this, but have so many problems like Fedora Phone home, Qubes Time Sync and Qubes Update Check.
You can set up Whonix-GW as the net-VM for all your app qubes and you won't have any clearnet traffic anymore, but then the question is: why are you using QubesOS? A Whonix or Tails OS also would do the job.
The first part of this is not true.
All this will do is make the traffic from some of your qubes pass
You will still be left with traffic from sys-firewall (assuming that is
the netvm of Whonix-GW) and sys-net. Some of this will come from those
service qubes and some from Qubes services, like dom0 update, clock
qube. You can control the latter from Qubes Global Settings.
You will also want to restrict outbound traffic from sys-firewall and
sys-net, and make sure that there are no unnecessary services running in
those qubes. (You can set custom nftables rules to deny outbound
traffic from those qubes.)
The second part is equally wrong: neither will provide the
compartmentalisation that Qubes offers.
When I comment in the Forum or in the mailing lists I speak for myself.
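A sketch of the kind of custom nftables rule set the reply above mentions, added here as an illustration and not taken from the thread or from Qubes documentation. The table name `local_egress`, the chain name and the log prefix are constructed; the rules filter only packets that the service qube itself originates (output hook), so traffic forwarded on behalf of Whonix-GW and other downstream qubes is not touched.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny for traffic ORIGINATED by a service qube
# (sys-net or sys-firewall). Names below are constructed for illustration.
# Forwarded traffic from downstream qubes uses the forward hook and is
# not matched by this chain.

table inet local_egress {
    chain output {
        # Policy drop: anything not explicitly accepted below never leaves.
        type filter hook output priority 0; policy drop;

        # Local IPC over loopback.
        oifname "lo" accept

        # Packets belonging to flows that are already tracked, including
        # ICMP errors related to forwarded connections.
        ct state established,related accept

        # DHCP client requests. Only relevant in sys-net, which holds the
        # physical interface; remove this rule in sys-firewall.
        udp sport 68 udp dport 67 accept

        # IPv6 neighbour discovery, needed only if IPv6 is in use.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept

        # Everything else is an unexpected service trying to reach out:
        # log a rate-limited sample, then count and drop.
        limit rate 6/minute log prefix "local-egress-drop: "
        counter drop
    }
}
```

After loading the file with `nft -f`, `nft list table inet local_egress` shows the drop counter, which makes it easy to see whether something in the qube is still trying to send clearnet traffic.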
You can’t. This will pass your Qubes traffic through Tor, yes, but you keep having some clearnet traffic from dom0. I want to use Qubes OS because this OS is much more secure than Tails. And it's a daily driver. I already use Whonix on Qubes, but I don’t use only Whonix on Qubes.
So I need to restrict sys-firewall firewall rules to have only Tor traffic on Qubes? Sorry if I didn’t understand.