Hey guys, I'm trying to make the following guide work on Qubes 4.2 and translate it into English:
https://github.com/hexstore/qubes-proxy/tree/main
This is my fork:
https://github.com/glockmane/qubes-proxy
✅ Translation with DeepL
🚧 Convert iptables to nftables
This is the iptables part:
https://github.com/glockmane/qubes-proxy/blob/main/restrict-firewall
And these are the lines I cannot translate:
```
iptables -P FORWARD DROP
iptables -D INPUT -j DROP
if iptables -C INPUT -i vif+ -p icmp -j ACCEPT; then
    iptables -D INPUT -i vif+ -p icmp -j ACCEPT
fi
if iptables -C INPUT -i vif+ -j REJECT --reject-with icmp-host-prohibited; then
    iptables -D INPUT -i vif+ -j REJECT --reject-with icmp-host-prohibited
fi
```
Thanks for help!

---
**Transparent Proxy Qube with sing-box**
*Quick Start Guide*
**dom0 terminal:**
```
qvm-create sys-proxy --class AppVM --label blue
qvm-prefs sys-proxy provides_network true
qvm-prefs sys-proxy autostart true
qvm-start sys-proxy
qrexec-client -W -d sys-proxy user:'sh <(curl --proto "=https" --tlsv1.2 -SfL https://raw.githubusercontent.com/glockmane/qubes-proxy/refs/heads/main/install.sh)'
```
**sys-proxy terminal:**
*Configure Proxy:*
```
sudo nano /rw/bind-dirs/etc/sing-box/config.json
```
*Configuration example:*
https://sing-box.sagernet.org/configuration/outbound/socks/
*Reboot and check sing-box status:*
```
reboot
journalctl -ft sing-box
```
---
*Based on the following guide and install script, but translated from iptables to nftables:*
https://github.com/hexstore/qubes-proxy/tree/main
*Link to my fork:*
https://github.com/glockmane/qubes-proxy