Re: [Qemu-devel] Disabling outgoing connectiong from within guest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paul Brook <paul@codesourcery.com>
To: qemu-devel@nongnu.org
Cc: "Łukasz Taczuk" <taczuk@gmail.com>
Subject: Re: [Qemu-devel] Disabling outgoing connectiong from within guest
Date: Thu, 19 Jun 2008 01:01:42 +0100	[thread overview]
Message-ID: <200806190101.42916.paul@codesourcery.com> (raw)
In-Reply-To: <be6fd6ab0806181441w7816d955j82cc12d5f991fa04@mail.gmail.com>

On Wednesday 18 June 2008, Łukasz Taczuk wrote:
> Hi!
>
> I would like to create a sandboxed environment in which random users
> would be able to roam freely using ssh.
> However, I don't want to allow them to open outgoing connections just
> as if the box was offline (even if the guest is compromised).
> Basically I would like to have something like reversed user mode
> network stack: you can log in to the guest, but once you're in, you
> cannot connect to the host nor any other machine.

Your host OS firewall/packet filter should already be able to do this.
IMHO there's little or no point reimplementing this functionality in qemu.

Paul

next prev parent reply	other threads:[~2008-06-19  0:01 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-18 21:41 [Qemu-devel] Disabling outgoing connectiong from within guest Łukasz Taczuk
2008-06-19  0:01 ` Paul Brook [this message]
2008-06-20 11:41   ` Johannes Schindelin
2008-06-20 13:13     ` Paul Brook
2008-06-20 13:23       ` Ben Taylor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200806190101.42916.paul@codesourcery.com \
    --to=paul@codesourcery.com \
    --cc=qemu-devel@nongnu.org \
    --cc=taczuk@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.