Huakun Shen

Let's say you have a local network on some subnet, with the router at one address on it and a VM running at another (the VM's own address doesn't matter here).

I want to give a teammate access to the VM without letting the VM reach any other device on the same subnet.

A VLAN is one way to do it, but it is more complicated and needs support in the network hardware and software.

The easiest way is to rely on the VM's own firewall; just don't give the guest user sudo access, since anyone with root on the VM could simply remove the rules. One caveat: ufw's default policy denies inbound traffic, so allow whatever the teammate connects with (typically SSH) before enabling it, or they will be locked out.

# default policy after enabling: deny incoming, allow outgoing
sudo ufw enable
# allow traffic to the router (the VM's default gateway)
sudo ufw allow out to
# then block the rest of the LAN subnet
sudo ufw deny out to

The allow rule for the router is needed because the router is the VM's default gateway: the subnet deny would otherwise cover the router too, and the VM could not reach anything outside the local network.

The deny rule must be added after the allow rule. ufw rules are evaluated in order, like an iptables chain, and the first match wins: if the deny rule for the subnet comes first, traffic to the router (which is inside that subnet) is dropped and the allow rule is never reached.

If the rules ended up in the wrong order, ufw prepend inserts a rule at the top of the chain instead of appending it at the bottom, e.g. ufw prepend allow out to the router's address when the allow rule was added too late; ufw status numbered shows the current order.
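As an added example that is not part of the original post, here is a script that applies the rules in the order described above, including the inbound SSH allow the teammate needs before ufw is enabled, and then checks from ufw status numbered output that the gateway allow really sits above the subnet deny. The router address and subnet in it are assumed placeholders, and the two status listings used for the self-check are constructed, not captured from a real host.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): restrict a VM to its default
# gateway with ufw and verify the rule order before trusting it.
# GATEWAY and SUBNET are assumed placeholders; read the real ones from the
# VM's routing table (`ip route`) before running with the "apply" argument.
set -eu

GATEWAY="${GATEWAY:-192.168.1.1}"     # assumed router / default gateway
SUBNET="${SUBNET:-192.168.1.0/24}"    # assumed LAN subnet the VM must not reach

# Apply the rules in the order ufw needs. ufw is first-match: the allow for the
# gateway has to sit above the deny for the whole subnet. SSH is allowed in
# before enabling because ufw's default inbound policy is deny and the teammate
# still needs to reach the VM.
apply_rules() {
    sudo ufw allow 22/tcp comment 'teammate SSH'
    sudo ufw --force enable
    sudo ufw allow out to "$GATEWAY" comment 'default gateway'
    sudo ufw deny out to "$SUBNET" comment 'rest of the LAN'
}

# If the two rules were added the wrong way round, move the gateway allow to
# the top of the chain (ufw skips an identical existing rule, so delete first).
fix_order() {
    sudo ufw delete allow out to "$GATEWAY"
    sudo ufw prepend allow out to "$GATEWAY" comment 'default gateway'
}

# Print the number of the first rule in `ufw status numbered` output ($1)
# whose line contains both the action ($2, e.g. "ALLOW OUT") and the
# destination ($3). Prints nothing when no rule matches.
rule_number() {
    printf '%s\n' "$1" | grep -Fw -- "$2" | grep -Fw -- "$3" \
        | head -n 1 | sed -n 's/^\[ *\([0-9][0-9]*\)\].*/\1/p'
}

# Return 0 when the gateway allow is evaluated before the subnet deny,
# 1 when the deny shadows it, 2 when either rule is missing.
check_rule_order() {
    status="$1"
    allow_num=$(rule_number "$status" "ALLOW OUT" "$GATEWAY")
    deny_num=$(rule_number "$status" "DENY OUT" "$SUBNET")
    if [ -z "$allow_num" ] || [ -z "$deny_num" ]; then
        return 2
    fi
    [ "$allow_num" -lt "$deny_num" ]
}

# Constructed `ufw status numbered` output for the demo; not captured from a
# real host. Rules are listed in evaluation order.
SAMPLE_GOOD='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 192.168.1.1                ALLOW OUT   Anywhere
[ 3] 192.168.1.0/24             DENY OUT    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Same rules added in the wrong order: the subnet deny now shadows the gateway allow.
SAMPLE_BAD='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 192.168.1.0/24             DENY OUT    Anywhere
[ 3] 192.168.1.1                ALLOW OUT   Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

case "${1:-demo}" in
    apply)  apply_rules ;;
    fix)    fix_order ;;
    verify) check_rule_order "$(sudo ufw status numbered)" && echo "gateway allow precedes subnet deny" ;;
    demo)
        check_rule_order "$SAMPLE_GOOD" && echo "SAMPLE_GOOD: gateway allow precedes subnet deny"
        check_rule_order "$SAMPLE_BAD" || echo "SAMPLE_BAD: subnet deny shadows the gateway allow"
        ;;
esac
```

Run it with no arguments to see the check against the constructed listings, with apply on the VM to install the rules, with verify to check the live ruleset, and with fix if verify reports the wrong order. The check matches on whole words (grep -w) so that a gateway such as 192.168.1.1 is not confused with 192.168.1.100 in the listing.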