Iptables with host-only networking

[ceving]

I would like to configure some iptables rules as soon as any vboxnet interface comes up. But the interfaces are not controlled by /etc/network/interfaces like all other interfaces on my Debian host. Is there any other kind of hook which can be used to run some iptables commands after an VirtualBox interface became available?

[sej7278]

why don't you use bridged networking, then it more like a real network interface.

i don't see the point of firewalling an interface that can only connect to the host, you might as well not bother with networking at all!

[ceving]

why don't you use bridged networking, then it more like a real network interface.

Host only interfaces are unreal interfaces?

[sej7278]

why don't you use bridged networking, then it more like a real network interface.

Host only interfaces are unreal interfaces?

well it only sends traffic between the host and guest (not lan or internet) so a little pointless yes!

[blinky]

why don't you use bridged networking, then it more like a real network interface.

Host only interfaces are unreal interfaces?

well it only sends traffic between the host and guest (not lan or internet) so a little pointless yes!

Not quite true. If your real interface is eth0, then if you enabling forwarding in (/etc/sysctl.conf) and set a rule to NAT all traffic out of eth0 you end up wih a private virtual network (with multiple VM's if you require) that can talk to the everything outside of eth0 (lan/internet).

Add in port forwarding rules to to the host and the VM's can provide services to things on the other side of eth0

I use it for testing out idea's, works well.

[ceving]

Add in port forwarding rules to to the host and the VM's can provide services to things on the other side of eth0

Thanks for explaining this. But how about my original question?