Blog

Running Docker in a Qubes OS AppVM requires one extra step: making Docker state directories persistent across reboots.

This discussion on Qubes OS forums goes into details of creating a proxy-vm. I suppose it would be beneficial to add a killswitch on top of this to prevent IP leaks in case of a proxy failure, or before the tun0 interface is fully initialized. Here’s how:

Some tools support delegation of services to a remote address, but sometimes they try to resolve DNS themselves using the local DNS resolver. The resolver would get an onion address and issue a DNS error because it doesn’t know how to resolve .onion, even if the machine itself is torified. You can use socat to create a local interface that binds a local port to an onion address, so that the tool won’t try to resolve the domain.

Services like Tailscale and reverse shells won’t work until you relax the firewall to allow them… …