Need help with nwfilter part of libvirt VM package
I'm really bad at subnetting i think i overwrote 255.255.0.0 with 255.255.255.0, i'm a bit confused
I like to block all Local network acces except for the minimum for the VM to reach the internet
allowing 192.168.122.1(Gateway?) and 192.168.122.255(Broadcast?) wasnt enough?
https://paste.simplylinux.ch/view/a0f14e76#Ys8nwq1NIWWXHrWOHp5UbtmaGoA6UPGz
36 Replies
Post created!
🔎 This post has been indexed in our web forum and will be seen by search engines so other users can find it outside Discord
🕵️ Your user profile is private by default and won't be visible to users outside Discord, if you want to be visible in the web forum you can add the "Public Profile" role in <id:customize>
✅ You can mark a message as the answer for your post with
Right click -> Apps -> Mark Solution
(if you don't see the option, try refreshing Discord with Ctrl + R)Good afternoon, can I ask how are you hosting this VM?
Good day , It is hosted locally on Ubuntu 22,04 with mostly the default options
using the standard dhcp 192.168.122.x
I did not change the default i think it is partly bridged?
The device is wireless so it cant be a full bridge?
soo much informaton im really confused could you elaborate on your question?
First off, do you know what your cidr is?
I think it did comeup in my research but i dont fully remember
wasnt that when you steal as many bits as you can from the host bits?
oh no that was something else
i think it reverse to class D/E in the ABCDE system?
IPAddressGuide.com
CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
Free IP address tool to translate IPv4 address range into CIDR (Classless Inter-Domain Routing) format and vice-versa.
maybe im confusing stuff
oh
yes i know that
every ocated adds 8 to the slash
You sure?
because every part has 8 bits
well i think you are implying i use the mask wrong i have that feeling too but not completely sure how to go abou it
So you blocked all access?
Even the gateway and broadcast?
yes that is what i try to undo with `
It allows everything in the 192.168.122.x (0-255)
It works but i would like to narrow it down further
dstipaddr='192.168.122.0' dstipmask='24 means 192.168.122.0 255.255.255.0 if i understand the documentation while dstipmask='16' means 255.255.0.0
Yes, that is correct
What are the mimum ips that should be allowed?
What are you trying to do?
i want the VM to reach the internet freely but no acces to any local netoworks