In what ways are the templates segregated/protected from the internet? I read that they connect via a proxy and I see that their NetVM is “default (n/a)” while the qubes NetVM is “sys-firewall” but why is that safer than a direct connection? I was able to log into a template and add a repository and download the key through the proxy which got me wondering.
1 Like
It prevents you from, e.g., accidentally browsing the web in your template. I think the primary purpose is to prevent footgun-style user mistakes.
In general, Qubes doesn’t try to limit user freedom. In fact, if you want to connect your template to the Internet by assigning a NetVM, you can do so.
2 Likes