Wildcard subdomain help with Firewall

Hi there,

I’m quite new to Qubes but can’t figure out either through the documentation or in the GUI how to set wildcard subdomains for a particular Qube.

I have a qube set up which needs to sync with two online services, and I’d like to block all other traffic. The services are dropbox and zotero.

In order for the dropbox background app to work, it seems to need access to *.dropbox.com, but the firewall rules in the Qube settings doesn’t let me set such wildcards. I can only allow dropox.com, not *.dropbox.com

I haven’t tried Zotero yet, but I’m guessing I will need similar wildcard access.

Am I missing something, or do I need to set up something a bit more complicated via qvm-firewall?

Thanks in advance,


Edited to add:
The Qube is running Fedora 32, kernel is 4.19.132-1
Qubes is 4.0.3 and pretty much everything else has been left at default

1 Like

You need to set up something more complicated.
The Qubes firewall resolves addresses to a single IP, so you cant use a
wildcard like that.
One thing you can do is get a list of the necessary IPs, and then
insert them using qvm-firewall. Or do the same thing in your firewall
qubes leveraging a script in qubes-firewall-user-script in /rw/config.
This will set up the individual firewall rules that you need when the
firewall boots up.

1 Like


That is a pity as I don’t think a complete list of the domains exist. I’ve looked at the dropbox documentation and it says to enable *.dropbox.com

I have enough server on the network, so perhaps I can set up something to rsync the /home/ directory and have that syncing with dropbox but I would have preferred to have sync enabled as I means that as I autosave, I’m backing up to the cloud.