LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-13-2019, 12:53 PM   #1
cerber
LQ Newbie
 
Registered: Dec 2017
Posts: 17

Rep: Reputation: Disabled
Allow only traffic from Whonix-Gateway


I need to allow only traffic from Whonix-Gateway virtual machine and drop the rest on the host. Only allowed traffic on the host are torified system upgrades. I use qemu-kvm for virtualization.

ifconfig -a output:

Code:
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 00:d8:61:44:3b:36  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 18  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 500  bytes 42572 (41.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 500  bytes 42572 (41.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether d6:89:5d:25:a7:35  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.2  netmask 255.255.255.0  broadcast 10.0.2.255
        ether ba:50:e8:19:d8:e0  txqueuelen 1000  (Ethernet)
        RX packets 7380  bytes 1662540 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10658  bytes 16217005 (15.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 92:eb:60:36:5b:ec  txqueuelen 1000  (Ethernet)
        RX packets 3  bytes 84 (84.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 120  bytes 5040 (4.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:2c:eb:d5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr1-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:8b:c2:e1  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr2-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:98:1e:82  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe25:c4f1  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:25:c4:f1  txqueuelen 1000  (Ethernet)
        RX packets 7380  bytes 1765860 (1.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12284  bytes 16302650 (15.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fead:3e09  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:ad:3e:09  txqueuelen 1000  (Ethernet)
        RX packets 6827  bytes 14043836 (13.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8503  bytes 578811 (565.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe85:d7de  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:85:d7:de  txqueuelen 1000  (Ethernet)
        RX packets 2086  bytes 195061 (190.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3019  bytes 1392073 (1.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe26:2827  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:26:28:27  txqueuelen 1000  (Ethernet)
        RX packets 4214  bytes 235337 (229.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4928  bytes 12406927 (11.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.221  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::bb8a:5532:d794:f463  prefixlen 64  scopeid 0x20<link>
        ether 48:a4:72:f3:37:c5  txqueuelen 1000  (Ethernet)
        RX packets 392071  bytes 549678001 (524.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 208071  bytes 23596361 (22.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
where virbr0 is default external network interface for virtual machines, virbr1 is whonix external network for gateway, virbr2 is whonix internal network

Should I create tap interface to be able to allow only Whonix-Gateway access the internet? How iptables rules should look?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What about the host with whonix gateway ? anon06 Linux - Networking 5 01-20-2019 10:57 AM
whonix session quincey543 Linux - Software 1 08-14-2017 02:17 PM
[SOLVED] verify whonix with gpg quincey543 Linux - Security 4 07-30-2017 12:32 AM
Why is it more secure to use Tor on Whonix, then just use tor elsewhere? PACMANchasingme Linux - Distributions 2 12-31-2015 05:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration