Firewall VM Template Security

Hello, I changed my sys-firewall vm to a debian 10 template a while ago, it just hit me that there might be security risks from having gone with it instead of fedora 32. So are there any risks ? How big? If so, besides changing to fedora 32, what do you recommend I do?

There is nothing inherently worse in Debian compared to Fedora AFAIK. The security risks depend on your threat model, i.e. whether you trust Debian or Fedora more and which attacks you are trying to prevent. See also previous discussion.

Apart from that, to decrease the attack surface, you can use minimal templates for sys-firewall or even make it disposable as documented here.

If you want to make your Qubes OS more secure, have a look here:
How to make your Qubes OS more secure (Best Practices)


If you’re anxious about your firewall, have you considered installing Mirage instead? It’s a unikernel firewall that takes up far less resources and has a minimized attack surface. It’s somewhat easy to install (if you follow the instructions), low maintenance (doesn’t cause problems once it’s working) and easy to use (configured via Qubes GUI).