Ticket #3054 (closed defect: fixed)
no way to limit outgoing IP traffic from a VM
|Reported by:||RichMorin||Owned by:|
|Version:||VirtualBox 2.1.0||Keywords:||secutity IP access|
Description (last modified by frank) (diff)
It appears that VirtualBox does not provide a way to limit the outgoing access from an app inside a VM. This means that other mechanisms must be found to (say) keep an app from spamming the host OS. If so, this is an unfortunate deficiency.
On OSX, the "sandbox" facility can be used to limit the IP access of an app, so I'll try to run VB under it. On Linux, however, the best answer I've found is to run iptables on the guest OS. This seems wrong, philosophically, because it is conceivable that the guest OS could be compromised by a malicious app.
Please consider putting in some configuration features that will allow a VM to be held to a sharply limited set of outgoing IP addresses and ports. BTW, although my need is related to the use of Debian Linux and iptables, the problem is not specific to the guest OS.