How to re-enable firewall rule editor GUI in AppVM in Qubes OS 4.0

Posted: 2019/06/16 in Qubes OS, Security
Tags: , , , , , , , ,

Imagine you have an AppVM called appvm1 which is based on a TemplateVM called templatevm1 in Qubes OS 4.0

Imagine you get the error “Firewall has been modified manually – please use qvm-firewall for any further configuration.” when trying to use the Firewall rule editor GUI via Qube Manager for the AppVM called appvm1.

Solution procedure so that you can use the firewall rule GUI again for that AppVM:

Inspect the existing list of active firewall rules for your TemplateVM using following command (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 list

Run following command several times in Dom0 until there are no rules left for the TemplateVM (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 del --rule-no 0

Then run following command to set a single default rule in that virtual machine (replacing templatevm1 with the actual name of your TemplateVM):

sudo qvm-firewall templatevm1 add action=accept

Then run this exact same qvm-firewall procedure for the problematic AppVM appvm1

Then reboot your PC and the firewall GUI should be working fine again.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s