Ticket #3054 (closed defect: fixed)

Opened 5 years ago

Last modified 5 months ago

no way to limit outgoing IP traffic from a VM

Reported by: RichMorin Owned by:
Priority: minor Component: network
Version: VirtualBox 2.1.0 Keywords: secutity IP access
Cc: rdm@… Guest type: Linux
Host type: Linux

Description (last modified by frank) (diff)

It appears that VirtualBox does not provide a way to limit the outgoing access from an app inside a VM. This means that other mechanisms must be found to (say) keep an app from spamming the host OS. If so, this is an unfortunate deficiency.

On OSX, the "sandbox" facility can be used to limit the IP access of an app, so I'll try to run VB under it. On Linux, however, the best answer I've found is to run iptables on the guest OS. This seems wrong, philosophically, because it is conceivable that the guest OS could be compromised by a malicious app.

Please consider putting in some configuration features that will allow a VM to be held to a sharply limited set of outgoing IP addresses and ports. BTW, although my need is related to the use of Debian Linux and iptables, the problem is not specific to the guest OS.

Change History

comment:1 Changed 5 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed
  • Description modified (diff)

Fixed in recent releases. See section 6.10 in the user manual.

Note: See TracTickets for help on using tickets.
ContactPrivacy policyTerms of Use