QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

[Contribution] Qubes-mirage-firewall kernel or template #7884

Open palainp opened 1 year ago

palainp commented 1 year ago

Dev: @hannesm, @palainp

PoC: https://github.com/mirage/qubes-mirage-firewall

The problem you're addressing (if any)

The Qubes Mirage firewall aims to provide a unikernel for the firewalling task inside Qubes, allowing it to replace the current Linux kernel firewall.

The solution you'd like

The Qubes-Mirage-Firewall is binary reproducible. We have a CI system based on GitHub Actions that ensures this reproducibility. We also gather the build input for each build on a daily basis. See e.g. the build https://builds.robur.coop/job/qubes-firewall/build/14878d91-62b2-4ad8-bde5-acb23f6c6575 that contains:

Since the OCaml ecosystem is moving, and the qubes-mirage-firewall depends on several OCaml libraries, we do daily rolling builds on builds.robur.coop. Each qubes-mirage-firewall will have the system-packages and OCaml sources annotated for reproducing the exact same binary.

We can in the future build templates with qubes-builder-mirage (but have not tested recently) and the template can boot with pvgrub2-pvh (unfortunately we still have an issue with template postint scripts :/).

The current state of qubes mirage firewall is usable as a daily firewall (there is still some work to be done for allowing the uplink to be dynamically changed; this will also eventually permit using a BSD AppVM as net-vm), and performance is not so far from a Linux kernel firewall (iperf on two AppVMs, a firewall between, we have a ratio around 75% (TCP) and 90+% (UDP)).

Users are often asking for an easier way to install the firewall than the actual "copy from AppVM to dom0".

The value to a user, and who that user might be

The benefits are a faster boot time, a smaller memory footprint and a completely different codebase than the actual Linux kernel firewall, which should reduce the possibility of remote exploit usages.

Reception on the qubes-devel list (https://groups.google.com/g/qubes-devel/c/ZcR01kc3dz4), as well as on the Qubes forum (https://forum.qubes-os.org/t/questions-about-mirage-firewall/11252/4 and https://forum.qubes-os.org/t/mirage-firewall-0-8-3-released/14774/2) and on GitHub (https://github.com/mirage/qubes-mirage-firewall/issues/115), leads us to think that this firewall can find some value to users.

Suggestions to improve qubes-mirage-firewall are more than welcome!

palainp commented 1 year ago

Hi, if we can do anything to help with the review process, don't hesitate :)

100111001 commented 1 year ago

As long as this issue is open, here are scripts for installing the mirage firewall:

Saltstack script - install and update to the latest version. Only the hash sum of the build is verified - no further security measures: https://gist.github.com/100111001/4eca0f78ed69d597d562a1515168fa6c

Based on this bash script: https://github.com/one7two99/my-qubes/tree/master/mirage-firewall