I have a scenario here. I have three VM's running Ubuntu configured on bridged adapter. They have local network access to each other. I'm simulating a DDoS UDP flood for an project. VM1 and VM2 will flood VM3 with UDP packets. VM3 needs to be able to block this.
The flooding is working fine, but nothing I do stops it. I've tried setting iptables rules on VM3 to block the IP's of VM1 and VM2, but tcpdump shows them communicating as .local machines. Is there a trick I can use to block VM1 and VM2 on VM3? Or perhaps a firewall rule or filter that blocks any "floods" regardless of source, even if it's on a local network? Any help would be appreciated. Thanks.