I have a VM that has sys-firewall as netqube. However under firewall rules, I set “limit outgoing connections to…” with nothing underneath. (Actually my real setup is having local LAN address there, but I removed that for this post to better demo my issue.)
Although I can’t web browse to e.g. qubes-os.org (nice), can anyone tell me… why can I run “ping qubes-os.org” (very bad!)?
Is this a security hazard? I was expecting NO internet access, but turns out the qube could ping the internet all along!?
On the same firewall tab, you will see a note at the bottom explicitly stating that DNS and ICMP requests will still pass through the firewall even if it is set to block outgoing connections.
If you want to remove these, you will need to use the qvm-firewall CLI tool from a dom0 terminal.
First, when “limit outgoing connections to” is selected, the warning about ping/icmp should appear in red color (to make it more obvious).
Even if I delete ping/icmp using qvm-firewall, when I modify those IP addresses again, those ping/icmp allow rules just magically come back. Very unexpected/dangerous. (What about at least showing the output of qvm-firewall <qubename> list right there in the UI? This way the user would see those ping/icmp things pop back in place.)
I remember seeing some similar suggestions in the past, but nothing was done about it. It’s probably because you can’t control it from this interface.
For your usage, I think it would be better to familiarize yourself with the qvm-firewall CLI instead of the interface, since it gives you more control over what you want to allow.
The firewall UI should be disabled after you used qvm-firewall, with the red message: “Firewall has been modified manually. Please use the ‘qvm-firewall’ command in dom0 for any further configuration.”
I even noticed that just hitting OK on the VM’s settings (even if the “firewall” tab is never opened), all the previous changes to qvm-firewall are just overwritten (and those ping/icmp just pop right back in place).
Does anyone here agree this is a serious security vulnerability? (How is the user supposed to expect such behavior?) Can someone here notify the devs?
Did you open the qube settings before running qvm-firewall? If saying “ok” to close the settings window removes all qvm-firewall rules, it’s a race condition and it’s indeed a security issue that should be reported.
Do you know how to fully reset the firewall, such that I can once again start configuring the firewall using the GUI? Apparently just doing reset with qvm-firewall doesn’t go that far.
Is it really a one way street? Once you’re into qvm-firewall, there’s no turning back?
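
Added example, not part of any post in this thread and not Qubes project code: a small check that flags the DNS and ICMP allow rules discussed above, so it can be re-run after every visit to the settings window. It assumes the rules arrive one per line as `key=value` tokens (the format assumed for `qvm-firewall --raw <qubename> list` in dom0); the sample rules and the function name `audit_rules` are constructed for illustration.

```shell
#!/bin/sh
# audit_rules: read raw firewall rules on stdin (one rule per line, key=value
# tokens) and print a finding for each accept rule that lets DNS, unscoped
# ICMP, or all traffic out. Rule numbers start at 0, as in the list output.
# Assumption: this is the format printed by `qvm-firewall --raw <qubename> list`.
audit_rules() {
    awk '
    NF == 0 { next }                      # ignore blank lines
    {
        action = ""; proto = ""; special = ""; scoped = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "action") action = kv[2]
            else if (kv[1] == "proto") proto = kv[2]
            else if (kv[1] == "specialtarget") special = kv[2]
            else if (kv[1] == "dsthost" || kv[1] == "dst4" || kv[1] == "dst6")
                scoped = 1                # rule is limited to a destination
        }
        n = count++
        if (action != "accept") next
        if (special == "dns")
            print "rule " n ": allows DNS"
        else if (proto == "icmp" && !scoped)
            print "rule " n ": allows ICMP to any host"
        else if (proto == "" && special == "" && !scoped)
            print "rule " n ": allows everything"
    }'
}

# Constructed sample: a LAN-only rule set with the DNS/ICMP rules present.
SAMPLE_RULES='action=accept dst4=192.168.1.0/24
action=accept specialtarget=dns
action=accept proto=icmp
action=drop'

# Demo on the constructed sample; in dom0 the input would instead come from
# the raw rule listing of the qube being checked.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

No output means none of the three patterns were found; any output after closing the settings window shows that the rules were rewritten.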