for starters im new to linux so correct me on anything
so im running a virtual machine (windows 10) on a bridged network (using virtualbox) on a ubuntu host. the VM needs to not accept ANY inbound connections (besides its connection with the host), but still complete outbound connections. the host runs a script that does malware brown townysis using the guest (VM) as a sandbox enviroment, and it uses different libraries that do packet sniffing and network brown townysis so i want the guest to still have limited access to the internet, but i dont want it do be able to accept inbound connections so as not to corrupt the network/host.
this is what ive done so far using iptables to try and achieve this (0.0.0.0 is the ip address of the guest, edited out here):
$ sudo iptables -A INPUT -i eth0 -s 0.0.0.0 -j DROPlisting the IP tables exhibits the following:
Chain INPUT (policy ACCEPT 3605 packets, 3381K bytes)
pkts bytes target prot opt in out source destination
54 5540 DROP all -- eth0 any 0.0.0.0 anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2540 packets, 312K bytes)
pkts bytes target prot opt in out source destination
isnt this saying that all inbound connections to the guest should be blocked? the VM can still access the internet and i get responses both ways when i ping an IP. what am i missing?
