Whonix-Workstation Firewall
Contents
How to open a Port in Whonix-Workstation Firewall[edit]
Modify Whonix-Workstation User Firewall Settings
Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.
If using Qubes-Whonix, complete these steps.
In Whonix-Workstation AppVM.
Make sure folder /rw/config/whonix_firewall.d exists.
sudo mkdir -p /rw/config/whonix_firewall.d
Open /rw/config/whonix_firewall.d/50_user.conf with root rights.
kdesudo kwrite /rw/config/whonix_firewall.d/50_user.conf
If using a graphical Whonix-Workstation, complete these steps.
Start Menu -> Applications -> Settings -> User Firewall Settings
If using Non-Qubes-Whonix, complete this step.
In Whonix-Workstation, open the whonix_firewall configuration file in an editor.
sudo nano /etc/whonix_firewall.d/50_user.conf
For more help, press on Expand on the right.
Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_default.conf
The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.
## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration, ## which will override the defaults found here. When Whonix is updated, this ## file may be overwritten.
See also Whonix modular flexible .d style configuration folders.
To view the file, follow these instructions.
If using Qubes-Whonix, complete these steps.
Qubes App Launcher (blue/grey "Q") -> Template: whonix-ws-14 -> Whonix Global Firewall Settings
If using a graphical Whonix-Workstation, complete these steps.
Start Menu -> Applications -> Settings -> Global Firewall Settings
If using Non-Qubes-Whonix, complete this step.
In Whonix-Workstation, open the whonix_firewall configuration file in an editor.
nano /etc/whonix_firewall.d/30_default.conf
Add. Replace 80 with the actual port you like to open.
EXTERNAL_OPEN_PORTS+=" 80 "
Save.
Reload Whonix-Workstation Firewall.
If you are using Qubes-Whonix, complete the following steps.
Qubes App Launcher (blue/grey "Q") -> Whonix-Workstation AppVM (commonly named anon-whonix) -> Reload Whonix Firewall
If you are using a graphical Whonix-Workstation, complete the following steps.
Start Menu -> Applications -> System -> Reload Whonix Firewall
If you are using a terminal-only Whonix-Workstation, run.
sudo whonix_firewall
How to open All Ports in Whonix-Workstation Firewall[edit]
This is usually not required and should be avoided.
Modify Whonix-Workstation User Firewall Settings
Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.
If using Qubes-Whonix, complete these steps.
In Whonix-Workstation AppVM.
Make sure folder /rw/config/whonix_firewall.d exists.
sudo mkdir -p /rw/config/whonix_firewall.d
Open /rw/config/whonix_firewall.d/50_user.conf with root rights.
kdesudo kwrite /rw/config/whonix_firewall.d/50_user.conf
If using a graphical Whonix-Workstation, complete these steps.
Start Menu -> Applications -> Settings -> User Firewall Settings
If using Non-Qubes-Whonix, complete this step.
In Whonix-Workstation, open the whonix_firewall configuration file in an editor.
sudo nano /etc/whonix_firewall.d/50_user.conf
For more help, press on Expand on the right.
Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_default.conf
The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.
## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration, ## which will override the defaults found here. When Whonix is updated, this ## file may be overwritten.
See also Whonix modular flexible .d style configuration folders.
To view the file, follow these instructions.
If using Qubes-Whonix, complete these steps.
Qubes App Launcher (blue/grey "Q") -> Template: whonix-ws-14 -> Whonix Global Firewall Settings
If using a graphical Whonix-Workstation, complete these steps.
Start Menu -> Applications -> Settings -> Global Firewall Settings
If using Non-Qubes-Whonix, complete this step.
In Whonix-Workstation, open the whonix_firewall configuration file in an editor.
nano /etc/whonix_firewall.d/30_default.conf
Add. Replace 80 with the actual port you like to open.
EXTERNAL_OPEN_ALL=true
Save.
Reload Whonix-Workstation Firewall.
If you are using Qubes-Whonix, complete the following steps.
Qubes App Launcher (blue/grey "Q") -> Whonix-Workstation AppVM (commonly named anon-whonix) -> Reload Whonix Firewall
If you are using a graphical Whonix-Workstation, complete the following steps.
Start Menu -> Applications -> System -> Reload Whonix Firewall
If you are using a terminal-only Whonix-Workstation, run.
sudo whonix_firewall
See Also[edit]
Footnotes[edit]
- ↑ https://github.com/Whonix/whonix-ws-firewall/blob/Whonix13/man/whonix_firewall.8.ronn
- ↑
man whonix_firewall
Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.
Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)
Whonix is provided by ENCRYPTED SUPPORT LP. See Imprint.
Enable comment auto-refresher