Michael Strasser: > Hi! > > I have an AppVM (Standalone) in which I would like to redirect all (TCP) > traffic going to a specific IP address to localhost. I'm using the AppVM > for Malware Analysis, so I usually have no NetVM connected. I've tried a > few iptables commands that I found via web search, but none of them did > the trick. > > Could someone show me how to do this in Qubes 3.2? > > > Best regards, > > Michael > >
IIUC you have malware in AppVM trying to connect to $badIP. You want to capture those packets in AppVM on port $monitorPort. Try: iptables -t nat -A OUTPUT -d $badIP -p tcp -j REDIRECT --to-port $monitorPort Add to rc.local if you want on reboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc4a653c-4f44-fe22-3746-d614f88085a3%40gmail.com. For more options, visit https://groups.google.com/d/optout.
