Opened 15 years ago
Closed 10 years ago
#3054 closed defect (fixed)
no way to limit outgoing IP traffic from a VM
| Reported by: | Rich Morin | Owned by: | |
|---|---|---|---|
| Component: | network | Version: | VirtualBox 2.1.0 |
| Keywords: | secutity IP access | Cc: | rdm@… |
| Guest type: | Linux | Host type: | Linux |
Description (last modified by )
It appears that VirtualBox does not provide a way to limit the outgoing access from an app inside a VM. This means that other mechanisms must be found to (say) keep an app from spamming the host OS. If so, this is an unfortunate deficiency.
On OSX, the "sandbox" facility can be used to limit the IP access of an app, so I'll try to run VB under it. On Linux, however, the best answer I've found is to run iptables on the guest OS. This seems wrong, philosophically, because it is conceivable that the guest OS could be compromised by a malicious app.
Please consider putting in some configuration features that will allow a VM to be held to a sharply limited set of outgoing IP addresses and ports. BTW, although my need is related to the use of Debian Linux and iptables, the problem is not specific to the guest OS.
Change History (1)
comment:1 by , 10 years ago
| Description: | modified (diff) |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Fixed in recent releases. See section 6.10 in the user manual.