You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As stated in @DemiMarie's comment (QubesOS/qubes-issues#3792 (comment)), a few improvements need be done to have qubes-mirage-firewall a replacement for the default linux sys-firewall. So far:
the ethernet stack need to be tested/audited, maybe some fuzzing tests can be used?
the speed of the unikernel should be improved (see Slower bandwidth compared to sys-firewall #130, to me the main issue is the absence of TCP Segmentation Offload which shows lower bandwidth in iperf-like tests, but as a daily fw it's not a bottleneck on my laptop, and with TSO desactivated it has not so far performances from linux)
And as side note:
it now can use *BSD as netvm, and at least one user is using it like that (netvm is HardenedBSD, fw is qubes-mirage-firewall, AppVM are classic linuxes)
As stated in @DemiMarie's comment (QubesOS/qubes-issues#3792 (comment)), a few improvements need be done to have qubes-mirage-firewall a replacement for the default linux sys-firewall. So far:
And as side note:
Any comments, and other requests, are welcome :)
The text was updated successfully, but these errors were encountered: