Re: [Qemu-devel] Disabling outgoing connectiong from within guest

[Ben Taylor]

On Fri, Jun 20, 2008 at 9:13 AM, Paul Brook <address@hidden> wrote:
> On Friday 20 June 2008, Johannes Schindelin wrote:
>> Hi,
>>
>> On Thu, 19 Jun 2008, Paul Brook wrote:
>> > On Wednesday 18 June 2008, Łukasz Taczuk wrote:
>> > > I would like to create a sandboxed environment in which random users
>> > > would be able to roam freely using ssh. However, I don't want to allow
>> > > them to open outgoing connections just as if the box was offline (even
>> > > if the guest is compromised). Basically I would like to have something
>> > > like reversed user mode network stack: you can log in to the guest,
>> > > but once you're in, you cannot connect to the host nor any other
>> > > machine.
>> >
>> > Your host OS firewall/packet filter should already be able to do this.
>> > IMHO there's little or no point reimplementing this functionality in
>> > qemu.
>>
>> Except that Lukasz wrote about users in the sandboxed environment, not all
>> users of the _host_ machine.
>
> Right. That's why you want to do the firewalling/sandboxing on the host. If
> you don't trust your host OS you're already screwed.

So in this situation, you're going to have a filter on the tap
device, that does something like:

allow incoming to port 22 (he did say ssh)

assuming guest is DHCP'd
allow incoming to port 68 (DHCP)
allow outgoing to port 68 (DHCP)

maybe allow dns so
allow incoming to port 53 (DNS) from dns server
allow outgoing to port 53 (DNS) to dns server

deny everything else incoming or outgoing