Firewall The Physical NIC for all Virtual NICs

Smellz
Posts: 35
Joined: 6. Jul 2009, 12:42
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: debian mint win7 winxp osx

Firewall The Physical NIC for all Virtual NICs

Post by Smellz »

Hello.

Is it possible to firewall the physical Network Interface Card to apply to all virtual NICs created with VirtualBox?

Thank you.
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Mostly XP

Re: Firewall The Physical NIC for all Virtual NICs

Post by mpack »

Just use NAT mode in the guests?
Smellz
Posts: 35
Joined: 6. Jul 2009, 12:42
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: debian mint win7 winxp osx

Re: Firewall The Physical NIC for all Virtual NICs

Post by Smellz »

Yes, but is there a way to guarantee a user cannot bypass the host's firewall by creating a bridged connection in a guest?

Regards,
S.Mellz
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Mostly XP

Re: Firewall The Physical NIC for all Virtual NICs

Post by mpack »

You want to prevent users of the host PC from using all of VirtualBox's capabilities? Apart from deleting (or not installing) the VBox bridge driver on the host I don't know any way to do that. I also am not clear on what threat you think this prevents.
BillG
Volunteer
Posts: 5106
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Firewall The Physical NIC for all Virtual NICs

Post by BillG »

You cannot create a bridged network in a guest unless you have access to the host OS to run the VirtualBox manager. Preventing that really has nothing to do with VirtualBox. It depends on the security settings in the host OS. I am not aware of any way you could prevent the user from changing the vm settings but do anything useful with the vm.
Bill
Smellz
Posts: 35
Joined: 6. Jul 2009, 12:42
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: debian mint win7 winxp osx

Re: Firewall The Physical NIC for all Virtual NICs

Post by Smellz »

Thanks mpack, BillG.

Do I understand you correctly? ...

1. The ability for success of a global firewall policy for the Physical NIC is dependent on the Host, not VirtualBox.
2. If I am able to successfully apply a Global Firewall Policy to the Host's eth0, it will also apply to any Virtual Bridged NICs.
3. There is no way to prevent a non-root user from changing the virtual NIC from NAT to Bridged.

I'm attempting to prevent direct access to the Internet from any existing VirtualBox Bridged machines; the Host's eth0 is forced to access only via ssh proxy.

Thank you both.
S.Mellz
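
A host-side check for the situation discussed in this thread, where a user switches a guest's NIC from NAT to bridged: the script below is an added example, not code from any poster, and it parses `VBoxManage showvminfo --machinereadable` output to report every NIC attached in bridged mode. The sample VM name, interfaces and MAC addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list guest NICs attached in bridged mode.
# Input:  output of `VBoxManage showvminfo <vm> --machinereadable` on stdin.
# Output: one "vm<TAB>nicN<TAB>host-interface" line per bridged NIC, sorted.
bridged_nics() {
    awk '
        {
            i = index($0, "="); if (i == 0) next   # skip lines without key=value
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/"/, "", val)                     # values are double-quoted
        }
        key == "name"                 { vm = val }
        key ~ /^nic[0-9]+$/           { mode[substr(key, 4)] = val }
        key ~ /^bridgeadapter[0-9]+$/ { ifc[substr(key, 14)] = val }
        END {
            # Keys are collected first because bridgeadapterN and nicN
            # may appear in either order in the input.
            for (n in mode)
                if (mode[n] == "bridged")
                    printf "%s\tnic%s\t%s\n", vm, n, ((n in ifc) ? ifc[n] : "?")
        }' | sort
}

# Audit every VM registered for the invoking user. VirtualBox registers VMs
# per user account, so run this once as each account that may use VirtualBox.
audit_all_vms() {
    VBoxManage list vms | sed -n 's/.*{\(.*\)}$/\1/p' | while read -r uuid; do
        VBoxManage showvminfo "$uuid" --machinereadable | bridged_nics
    done
}

# Constructed sample of machine-readable output (not from a real VM).
sample_showvminfo() {
    cat <<'EOF'
name="dev-guest"
bridgeadapter1="eth0"
macaddress1="080027000001"
nic1="bridged"
natnet2="nat"
nic2="nat"
bridgeadapter3="wlan0"
nic3="bridged"
nic4="none"
EOF
}

# Demonstration on the constructed sample; prints the two bridged NICs.
sample_showvminfo | bridged_nics
```

Any line printed by `audit_all_vms` names a guest NIC that is attached directly to a host interface and is worth reviewing against the host's firewall policy.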