Khenton
Khenton14mo ago

Need help with nwfilter part of libvirt VM package

I'm really bad at subnetting. I think I overwrote 255.255.0.0 with 255.255.255.0. I'm a bit confused. I'd like to block all local network access except for the minimum for the VM to reach the internet. Allowing 192.168.122.1 (Gateway?) and 192.168.122.255 (Broadcast?) wasn't enough? https://paste.simplylinux.ch/view/a0f14e76#Ys8nwq1NIWWXHrWOHp5UbtmaGoA6UPGz
36 Replies
Wagon
Wagon14mo ago
Good afternoon, can I ask how you are hosting this VM?
Khenton
Khenton14mo ago
Good day, it is hosted locally on Ubuntu 22.04 with mostly the default options, using the standard DHCP 192.168.122.x. I did not change the default; I think it is partly bridged? The device is wireless, so it can't be a full bridge? So much information, I'm really confused. Could you elaborate on your question?
Carson
Carson14mo ago
First off, do you know what your CIDR is?
Khenton
Khenton14mo ago
I think it did come up in my research, but I don't fully remember. Wasn't that when you steal as many bits as you can from the host bits? Oh no, that was something else. I think it reverse to class D/E in the ABCDE system?
Carson
Carson14mo ago
IPAddressGuide.com
CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
Free IP address tool to translate IPv4 address range into CIDR (Classless Inter-Domain Routing) format and vice-versa.
Khenton
Khenton14mo ago
Maybe I'm confusing stuff. Oh yes, I know that every octet adds 8 to the slash.
Carson
Carson14mo ago
You sure?
Khenton
Khenton14mo ago
Because every part has 8 bits. Well, I think you are implying I use the mask wrong. I have that feeling too, but I'm not completely sure how to go about it.
Carson
Carson14mo ago
So you blocked all access? Even the gateway and broadcast?
Khenton
Khenton14mo ago
Yes, that is what I try to undo with

```xml
<rule action='accept' direction='inout' priority='400'>
  <ip dstipaddr='192.168.122.0' dstipmask='24'/>
</rule>
<rule action='accept' direction='inout' priority='400'>
  <ip dstipaddr='192.168.122.0' dstipmask='24'/>
</rule>
```

It allows everything in the 192.168.122.x (0-255). It works, but I would like to narrow it down further. dstipaddr='192.168.122.0' dstipmask='24' means 192.168.122.0 255.255.255.0, if I understand the documentation, while dstipmask='16' means 255.255.0.0.
Carson
Carson14mo ago
Yes, that is correct
Khenton
Khenton14mo ago
What are the minimum IPs that should be allowed?
Carson
Carson14mo ago
What are you trying to do?
Khenton
Khenton14mo ago
I want the VM to reach the internet freely, but no access to any local networks.