Yes, following a guide that is still being worked on by @Plexus.
thanks very much, really helpful for everyone.
sys-njalla is one of my VPN providers and that qube uses the Qubes OS
firewall to make sure sys-njalla can only connect to the respective VPN
servers and nothing else.
not sure, whether my understanding is correct,
all traffic, to various IP destination, are encrypted by sys-vpn,
and will be decrypted in VPN server, somewhere outside our device,
before then being forwarded to various IP destination.
so, if sys-vpn, resides before sys-firewall,
does it mean, sys-vpn doesn’t know, what IP is blocked by sys-firewall ?
also, does it mean, sys-firewall doesn’t know,
whether the encrypted traffic, sent to VPN server, by sys-vpn,
contains the blocked IP or not ?