UFW firewall in Sys-Net Qubes 4.1

As sys-net is the most forward facing VM, i thought it should have a firewall and installed UFW and enabled.

sudo ufw enable
sudo ufw status

I was surprised to find the following as already setup?

To Action From

SSH ALLOW Anywhere mDNS ALLOW Anywhere
SSH (v6) ALLOW Anywhere (v6)
ff02::fb mDNS ALLOW Anywhere (v6)

Is this a default UFW config? Or a default iptables for Qubes sys-net?
This VM a fedora-34-minimal template, as i thought i more secure to have sys-vms without loads of bloat (attack vector).

I dont want to allow any remote connections in, can i disable them without messing up qubes ability to update etc?
What is mDNS?
ALSO, if root is passwordless, whats stopping randoms and hackers SSH in under current rules?

multicast dns
it the dns for the local network that don’t have normal dns (.local tld)(oversimplified warning)

Thanks. @ppc
So can i remove those entries?
Is the net-vm acting as a dns server and needs mDNS to function?
I have already removed the SSH rules.

unless you have another device that severing a .local tld website, no, you can remove it

1 Like