Quote:
Originally Posted by computersavvy
Your VM has its own network.
You did not state how the networking is configured for the VM, but it likely needs its own rules on the host.
Mine is bridged using virbr0 and has its own subnet on the host at 192.168.124.0/24. Thus on the host I can establish rules that communications from 192.168.124.1 (virbr0) are only allowed via tun0 and no other path.
|
Thank you for your reply!
My VM is bridged using virbr0 and its subnet is 192.168.122.0/24
But I have difficulties with writing the rules for UFW anyway.
I tried this:
Code:
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow in on tun0
ufw allow out on tun0
ufw allow in on enpXXX from 192.168.122.0/24
ufw allow out on enpXXX to 192.168.122.0/24
ufw allow out on virbr0 to xxx.xxx.xxx.xxx port xxxx proto tcp
ufw allow in on virbr0 from xxx.xxx.xxx.xxx port xxxx proto tcp
ufw enable
or this:
Code:
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow in on tun0
ufw allow out on tun0
ufw allow in on virbr0 from 192.168.122.0/24
ufw allow out on virbr0 to 192.168.122.0/24
ufw allow out on virbr0 to xxx.xxx.xxx.xxx port xxxx proto tcp
ufw allow in on virbr0 from xxx.xxx.xxx.xxx port xxxx proto tcp
ufw enable
But still I have the same - it doesn't work at all or it works always.
Could you please tell me more exactly how I should write it?
I would really appreciate it.
Sorry, I'm really new to it...
Quote:
Originally Posted by jefro
Make another VM of a firewall device and route to and out of it.
|
This probably would be even more difficult for me. Besides, I would prefer not to run too many VMs.
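Added example (not written by any poster in this thread): ufw's plain `allow in on` / `allow out on` rules match traffic addressed to or sent by the host itself, while guest traffic that enters on virbr0 and leaves on another interface is forwarded and is governed by `ufw route` rules and the `routed` default policy. The sketch below prints, and with `APPLY=1` runs, a rule set that forwards guests only to the VPN interface. It assumes virbr0 is a libvirt NAT network, tun0 is the VPN interface, and ufw's stock before.rules accepts RELATED,ESTABLISHED forwarded packets for the replies; the function names `run` and `vm_vpn_only` are made up for this example.

```shell
#!/bin/sh
# Added example: restrict forwarded guest traffic to the VPN interface.
# Dry run by default: commands are printed, and executed only if APPLY=1.

# run CMD...: print the command, execute it only when APPLY=1 is set.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# vm_vpn_only BRIDGE SUBNET VPN_IF
vm_vpn_only() {
    bridge=$1; subnet=$2; vpn=$3

    # Refuse input that would silently produce a useless rule set.
    case "$subnet" in
        */*) ;;
        *) echo "subnet must be in CIDR form, e.g. 192.168.122.0/24" >&2
           return 1 ;;
    esac
    if [ "$bridge" = "$vpn" ]; then
        echo "bridge and VPN interface must differ" >&2
        return 1
    fi

    # Forwarded packets follow the 'routed' policy, not incoming/outgoing.
    run ufw default deny routed || return 1

    # Only permitted forward path: guest subnet in on the bridge, out on the
    # VPN. Reply packets are assumed to be accepted by the conntrack rule in
    # ufw's stock before.rules, so no VPN -> guest rule is opened here.
    run ufw route allow in on "$bridge" out on "$vpn" from "$subnet" || return 1

    # DNS and DHCP are served by dnsmasq on the host side of the bridge, so
    # these are host-bound rules (plain 'allow in'), not route rules.
    run ufw allow in on "$bridge" from "$subnet" to any port 53 || return 1
    run ufw allow in on "$bridge" to any port 67 proto udp || return 1
}

# Dry run with the values from the thread (prints the four commands).
vm_vpn_only virbr0 192.168.122.0/24 tun0
```

libvirt installs its own firewall rules for virbr0, so after applying, inspect the live ruleset and test with the VPN down to confirm that the ufw route rules are the ones deciding forwarded traffic.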