As sys-net is the most forward-facing VM, I thought it should have a firewall, so I installed UFW and enabled it.
sudo ufw enable
sudo ufw status
I was surprised to find the following already set up:
To                         Action      From
SSH                        ALLOW       Anywhere
224.0.0.251 mDNS           ALLOW       Anywhere
SSH (v6)                   ALLOW       Anywhere (v6)
ff02::fb mDNS              ALLOW       Anywhere (v6)
Is this a default UFW config? Or a default iptables for Qubes sys-net?
This VM is a fedora-34-minimal template, as I thought it more secure to have sys-vms without loads of bloat (attack vector).
I don't want to allow any remote connections in. Can I disable them without messing up Qubes' ability to update etc.?
What is mDNS?
Also, if root is passwordless, what's stopping randoms and hackers from SSHing in under the current rules?