| help with iptables (LINUX) |
| RedGajin:
For starters, I'm new to Linux, so correct me on anything. I'm running a virtual machine (Windows 10) on a bridged network (using VirtualBox) on an Ubuntu host. The VM needs to not accept ANY inbound connections (besides its connection with the host), but still complete outbound connections. The host runs a script that does malware analysis using the guest (VM) as a sandbox environment, and it uses different libraries that do packet sniffing and network analysis, so I want the guest to still have limited access to the internet, but I don't want it to be able to accept inbound connections so as not to corrupt the network/host.

This is what I've done so far using iptables to try and achieve this (0.0.0.0 is the IP address of the guest, edited out here):

--- Code: ---
$ sudo iptables -A INPUT -i eth0 -s 0.0.0.0 -j DROP
--- End code ---

Listing the IP tables exhibits the following:

--- Code: ---
Chain INPUT (policy ACCEPT 3605 packets, 3381K bytes)
 pkts bytes target     prot opt in     out     source               destination
   54  5540 DROP       all  --  eth0   any     0.0.0.0              anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2540 packets, 312K bytes)
 pkts bytes target     prot opt in     out     source               destination
--- End code ---

Isn't this saying that all inbound connections to the guest should be blocked? The VM can still access the internet and I get responses both ways when I ping an IP. What am I missing? |
| Metario:
No, that's specifying all inbound connections on interface eth0 from 0.0.0.0 should be dropped.

I'm dumb lol

You're setting the source for inbound as the VM IP, but as it'll be inbound packets (so from your server or whatever) you should be setting the dest to the VM IP. |
| Metario:
here

--- Code: ---
sudo iptables -A INPUT -d 0.0.0.0 -j DROP
--- End code ---

that'll block traffic to your inbound traffic to your vm |
| RedGajin:
--- Quote from: Metario on April 18, 2017, 05:17:51 PM ---
here

--- Code: ---
sudo iptables -A INPUT -d 0.0.0.0 -j DROP
--- End code ---

that'll block traffic to your inbound traffic to your vm
--- End quote ---

Ahh ok, that makes more sense, good looks bro. I'll bump this topic if I have any more trouble. |
| Metario:
--- Quote from: RedGajin on April 18, 2017, 05:24:00 PM ---
Ahh ok, that makes more sense, good looks bro🙏🏾 I'll bump this topic if I have any more trouble.
--- End quote ---

Also, you're gonna wanna delete that last rule because it makes no sense:

--- Code: ---
sudo iptables -D INPUT -i eth0 -s 0.0.0.0 -j DROP
--- End code --- |
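
The source/destination distinction discussed in this thread, as an added example that is not part of any post: a shell function that reads an `iptables -L -v` listing like the one in the first post and reports what the first matching rule (or the chain policy) would do to a packet with a given in-interface, source and destination. The function name `verdict`, the listing and the addresses 192.0.2.10 (standing in for the redacted guest IP) and 198.51.100.7 are constructed for illustration; the function compares literal addresses only and does not model which chain a packet traverses.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed listing in the shape of
# `iptables -L -v`; 192.0.2.10 stands in for the guest IP the post redacts.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 3605 packets, 3381K bytes)
 pkts bytes target     prot opt in     out     source               destination
   54  5540 DROP       all  --  eth0   any     192.0.2.10           anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2540 packets, 312K bytes)
 pkts bytes target     prot opt in     out     source               destination'

# verdict CHAIN IN_IFACE SRC DST  (listing on stdin)
# Prints the target of the first rule in CHAIN whose "in", "source" and
# "destination" columns match the packet, or the chain policy if none does.
# Literal address comparison only: no CIDR, protocol or port matching.
verdict() {
  awk -v chain="$1" -v ifc="$2" -v src="$3" -v dst="$4" '
    # A column matches if it is a wildcard or equals the packet value
    function hit(col, val) {
      return col == "any" || col == "anywhere" || col == "*" ||
             col == "0.0.0.0/0" || col == val
    }
    # "Chain INPUT (policy ACCEPT ..." opens a chain and names its policy
    $1 == "Chain" {
      cur = $2
      if (cur == chain) { policy = $4; sub(/\)$/, "", policy) }
      next
    }
    # Skip other chains, the column header and blank lines
    cur != chain || $1 == "pkts" || NF < 9 { next }
    # Rule row: pkts bytes target prot opt in out source destination
    hit($6, ifc) && hit($8, src) && hit($9, dst) { print $3; found = 1; exit }
    END { if (!found) print policy }
  '
}

# Packet from an outside host addressed to the guest: source is not the guest
printf '%s\n' "$SAMPLE_LISTING" | verdict INPUT eth0 198.51.100.7 192.0.2.10  # ACCEPT
# Packet whose source is the guest: this is what the -s rule matches
printf '%s\n' "$SAMPLE_LISTING" | verdict INPUT eth0 192.0.2.10 198.51.100.7  # DROP
```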