UFW firewall in Sys-Net Qubes 4.1

As sys-net is the most forward-facing VM, I thought it should have a firewall, so I installed UFW and enabled it.

sudo ufw enable
sudo ufw status

I was surprised to find the following already set up:

To                         Action      From
SSH                        ALLOW       Anywhere
224.0.0.251 mDNS           ALLOW       Anywhere
SSH (v6)                   ALLOW       Anywhere (v6)
ff02::fb mDNS              ALLOW       Anywhere (v6)

Is this a default UFW config? Or a default iptables for Qubes sys-net?
This VM is a fedora-34-minimal template, as I thought it more secure to have sys-vms without loads of bloat (attack vector).

I don't want to allow any remote connections in. Can I disable them without messing up Qubes' ability to update etc.?
What is mDNS?
ALSO, if root is passwordless, what's stopping randoms and hackers from SSHing in under the current rules?

Multicast DNS.
It's the DNS for local networks that don't have normal DNS (.local TLD) (oversimplified warning).

Thanks. @ppc
So can I remove those entries?
Is the net-vm acting as a dns server and needs mDNS to function?
I have already removed the SSH rules.

Unless you have another device that is serving a .local TLD website, no, you can remove it.

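A check for the question raised in this thread, added here as an example and not posted by any participant: it reads `ufw status` output and lists every rule that accepts inbound traffic from any source. The function names, the `Status:` and separator lines, and the `8080/tcp` rule in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ufw rules that ALLOW inbound traffic from Anywhere.
# Reads `ufw status` output on stdin, prints one "To" target per line.
# On a real system: sudo ufw status | open_inbound_rules
open_inbound_rules() {
    awk '
    {
        # Locate the Action column (ALLOW, optionally followed by IN).
        for (i = 2; i <= NF; i++) {
            if ($i != "ALLOW") continue
            from = i + 1
            if ($from == "IN") from++
            # Skip outbound rules and rules limited to a specific source.
            if ($from != "Anywhere") break
            # Everything left of the Action column is the "To" target.
            target = $1
            for (j = 2; j < i; j++) target = target " " $j
            print target
            break
        }
    }'
}

# Constructed sample: the four rules quoted in the first post, plus one
# constructed source-restricted rule that must not be reported.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
SSH                        ALLOW       Anywhere
224.0.0.251 mDNS           ALLOW       Anywhere
SSH (v6)                   ALLOW       Anywhere (v6)
ff02::fb mDNS              ALLOW       Anywhere (v6)
8080/tcp                   ALLOW       192.0.2.10
EOF
}

echo "Rules open to any source:"
sample_status | open_inbound_rules
```

An empty result after removing rules means no remaining rule accepts connections from arbitrary sources.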