help with iptables (LINUX)
RedGajin:
for starters im new to linux so correct me on anything
so im running a virtual machine (windows 10) on a bridged network (using virtualbox) on an ubuntu host. the VM needs to not accept ANY inbound connections (besides its connection with the host), but still complete outbound connections. the host runs a script that does malware analysis using the guest (VM) as a sandbox environment, and it uses different libraries that do packet sniffing and network analysis so i want the guest to still have limited access to the internet, but i dont want it to be able to accept inbound connections so as not to corrupt the network/host.
this is what ive done so far using iptables to try and achieve this (0.0.0.0 is the ip address of the guest, edited out here):
--- Code: ---$ sudo iptables -A INPUT -i eth0 -s 0.0.0.0 -j DROP
--- End code ---
listing the IP tables exhibits the following:
--- Code: ---Chain INPUT (policy ACCEPT 3605 packets, 3381K bytes)
pkts bytes target prot opt in out source destination
54 5540 DROP all -- eth0 any 0.0.0.0 anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2540 packets, 312K bytes)
pkts bytes target prot opt in out source destination
--- End code ---
isnt this saying that all inbound connections to the guest should be blocked? the VM can still access the internet and i get responses both ways when i ping an IP. what am i missing?
Metario:
no that's specifying all inbound connections on interface eth0 from 0.0.0.0 should be dropped
im dumb lol
you're setting the source for inbound as the vm ip but as it'll be inbound packets (so from your server or whatever) you should be setting the dest to the vm ip
Metario:
here
--- Code: ---sudo iptables -A INPUT -d 0.0.0.0 -j DROP
--- End code ---
that'll block inbound traffic to your vm
RedGajin:
--- Quote from: Metario on April 18, 2017, 05:17:51 PM ---here
--- Code: ---sudo iptables -A INPUT -d 0.0.0.0 -j DROP
--- End code ---
that'll block inbound traffic to your vm
--- End quote ---
ahh ok, that makes more sense, good looks bro
ill bump this topic if i have any more trouble
Metario:
--- Quote from: RedGajin on April 18, 2017, 05:24:00 PM ---ahh ok, that makes more sense, good looks bro🙏🏾
ill bump this topic if i have any more trouble
--- End quote ---
also you're gonna wanna delete that last rule because it makes no sense
--- Code: ---sudo iptables -D INPUT -i eth0 -s 0.0.0.0 -j DROP
--- End code ---