gufw setting problem
by Johannes33 from LinuxQuestions.org on (#6QF6M)
I have a vm that I do not want connected to the internet but want connected to a samba share.
I have not set up the samba share yet.
The route
vm ip: 192.168.122.122
virtual bridge ip: 192.168.122.1
lan network: 10.0.3.0/24
vm --- virtual bridge --- linux os acting as router --- lan network --- router --- internet
Firewall:
I want to block the vm from accessing internet
GUFW profile set to "home" which yields:
Incoming Deny, Outgoing Allow.
I think this rule is placed last, correct me if I'm wrong.
Rules in GUFW, written how they are displayed:
Anywhere ALLOW IN 10.0.3.0/24
Anywhere ALLOW IN 192.168.122.0/24
Anywhere DENY OUT 192.168.122.0/24 on wlp2s0(out)
wlp2s0 is my physical nic interface on my computer.
I set the last rule to deny out on wlp2s0 from 192.168.122.0/24.
It did not work. I have a theory that it does not stop the traffic because the traffic is already NATed, hence has a different from address, when it comes to wlp2s0 and that is why it is not blocked.
Please correct me if I'm wrong, I like to learn how it works.
So now to the problem: How do I stop traffic from my vm to internet but at the same time have access to a samba share on my machine?
Out of curiosity but not really important:
When I did not allow connections in from 192.168.122.0/24 I could still ping my virtual bridge. Is this normal? My conclusion is that the firewall is between the bridge and the vm, could that be true and if so why?
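The packet paths in the post, as an added example that is not part of the original post: a small Python model of which netfilter filter chain evaluates each packet on the host. A DENY OUT rule sits in OUTPUT, the VM's routed traffic goes through FORWARD, and Samba traffic to the bridge address goes through INPUT. The interface name virbr0, the host LAN address 10.0.3.10, the destination 203.0.113.5 and the FORWARD rule are assumptions constructed for illustration.

```python
import ipaddress

# Constructed model: which netfilter filter chain evaluates a packet on the host.
# Addresses are from the post; virbr0, 10.0.3.10 and 203.0.113.5 are assumptions.
HOST_IPS = {"192.168.122.1", "10.0.3.10"}      # bridge IP (post) + constructed LAN IP
VM_NET = ipaddress.ip_network("192.168.122.0/24")
# Post: Incoming Deny, Outgoing Allow. FORWARD is modelled as ALLOW because
# the post reports that the VM's traffic got through.
DEFAULTS = {"INPUT": "DENY", "OUTPUT": "ALLOW", "FORWARD": "ALLOW"}

def chain_for(pkt):
    """Return the filter chain that sees this packet."""
    if pkt["in_if"] is None:        # generated by a process on the host
        return "OUTPUT"
    if pkt["dst"] in HOST_IPS:      # addressed to the host itself
        return "INPUT"
    return "FORWARD"                # routed through the host

def matches(rule, pkt):
    """A rule applies only in its own chain, then on source and interfaces."""
    return (rule["chain"] == chain_for(pkt)
            and ipaddress.ip_address(pkt["src"]) in rule["src"]
            and rule.get("in_if") in (None, pkt["in_if"])
            and rule.get("out_if") in (None, pkt["out_if"]))

def verdict(rules, pkt):
    """First matching rule wins, otherwise the chain default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return DEFAULTS[chain_for(pkt)]

VM_TO_INTERNET = {"src": "192.168.122.122", "dst": "203.0.113.5",
                  "in_if": "virbr0", "out_if": "wlp2s0"}
VM_TO_SAMBA = {"src": "192.168.122.122", "dst": "192.168.122.1",
               "in_if": "virbr0", "out_if": None}
ALLOW_IN_VM = {"chain": "INPUT", "action": "ALLOW", "src": VM_NET}
POSTED_DENY_OUT = {"chain": "OUTPUT", "action": "DENY", "src": VM_NET,
                   "out_if": "wlp2s0"}
# Hypothetical forward-path rule, not taken from the post.
FORWARD_DENY = {"chain": "FORWARD", "action": "DENY", "src": VM_NET,
                "in_if": "virbr0", "out_if": "wlp2s0"}

if __name__ == "__main__":
    for name, rules in (("posted", [ALLOW_IN_VM, POSTED_DENY_OUT]),
                        ("forward", [ALLOW_IN_VM, FORWARD_DENY])):
        print(name, "internet:", verdict(rules, VM_TO_INTERNET),
              "samba:", verdict(rules, VM_TO_SAMBA))
```

The model applies no address translation: the posted rule misses purely because it is evaluated in a chain the VM's packets never enter.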