
How to prevent VM from seeing other devices on LAN with the firewall

This can be useful for setting up a separate, sacrificial VM for testing known-bad software, links, etc.

Step 1: Create New Security Group

Datacenter - Firewall - Security Group

Create Group

 

Step 2: Add rules

Select the new security group and click 'Add'

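Add the following rules, in this order. Rules are evaluated from top to bottom and the first match wins, so the ACCEPT rules for DNS and the gateway must sit above the DROP rule: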

IN ACCEPT -log nolog	#allows incoming traffic
OUT ACCEPT -dest 192.168.x.x	#allows access to DNS, only needed if DNS is not provided by gateway
OUT ACCEPT -dest 192.168.x.x	#allows access to gateway
OUT DROP -dest 192.168.0.0/16 #denies all access to rest of the LAN
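
The following is an added example, not part of the original page and not Proxmox code: a small first-match model of the four rules above, used to check which destinations the VM can still reach. The gateway and DNS addresses are constructed stand-ins for the elided `192.168.x.x` values, and the ACCEPT default for unmatched outbound traffic is an assumption about the VM's output policy.

```python
import ipaddress

# Constructed sample values: the page elides the real addresses as 192.168.x.x.
GATEWAY = "192.168.1.1"
DNS = "192.168.1.53"

RULES = f"""\
IN ACCEPT -log nolog    #allows incoming traffic
OUT ACCEPT -dest {DNS}    #allows access to DNS
OUT ACCEPT -dest {GATEWAY}    #allows access to gateway
OUT DROP -dest 192.168.0.0/16 #denies all access to rest of the LAN
"""

def parse_rules(text):
    """Parse lines of the form 'DIRECTION ACTION [-opt value]... #comment'."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        direction, action, rest = fields[0], fields[1], fields[2:]
        opts = dict(zip(rest[0::2], rest[1::2]))
        # A rule with no -dest matches every destination.
        dest = ipaddress.ip_network(opts.get("-dest", "0.0.0.0/0"), strict=False)
        rules.append((direction, action, dest))
    return rules

def verdict(rules, dest_ip, default="ACCEPT"):
    """First matching OUT rule wins; otherwise the default policy applies.
    The ACCEPT default is an assumption about the VM's output policy."""
    addr = ipaddress.ip_address(dest_ip)
    for direction, action, dest in rules:
        if direction == "OUT" and addr in dest:
            return action
    return default

def check(rules):
    """Verdicts for the gateway, DNS, two LAN hosts, another private range, and the internet."""
    probes = [GATEWAY, DNS, "192.168.1.20", "192.168.77.5", "10.0.0.5", "1.1.1.1"]
    return {ip: verdict(rules, ip) for ip in probes}

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip, action in check(rules).items():
        print(f"{ip:15} {action}")
    # Same rules with the DROP moved to the top: the gateway is cut off too.
    reordered = [rules[-1]] + rules[:-1]
    print("DROP first ->", verdict(reordered, GATEWAY))
```

The `10.0.0.5` probe is accepted: the DROP rule covers only `192.168.0.0/16`, so a LAN or neighbouring network addressed from another private range needs its own DROP rule.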