sys-whonix currently does its job as a ProxyVM, but not as a FirewallVM. It currently ignores QubesDB `qubes-iptables` entries. Therefore, for example, sys-whonix does not block a TemplateVM that uses it as its NetVM from using the open (torified) internet.
I wonder if this FirewallVM functionality should be implemented in Whonix?
Any suggestion on how to implement it without re-inventing qubes-core-agent-linux/network/qubes-firewall? Or refactoring the Qubes code so Whonix can just call the required portion of it?
For QVMM... Could we somehow have multiple settings per VM?
If all three are set, Qubes would lead the traffic: VM -> ProxyVM -> FirewallVM -> NetVM?
Because there is also some confusion about the terminology...
Users can currently configure the NetVM of any VM. I am wondering if we are overloading the terms. The NetVM is the VM that is primarily defined as a VM that has access to physical network hardware and that establishes actual network connections to the ISP.
Currently a user could tell a story "I set the NetVM of my debian-8 TemplateVM to sys-whonix. And sys-whonix uses sys-firewall as its NetVM. And sys-firewall uses sys-net as its NetVM."
In the end it's like saying "setting the NetVM setting to the NetVM".
Q: "What's your NetVM?"
A: "My sys-net or the NetVM of my VM?"
Related (or duplicate):