On Friday, November 10, 2017 at 9:40:56 PM UTC, Michael Strasser wrote:
> Hi!
> 
> I have an AppVM (Standalone) in which I would like to redirect all (TCP)
> traffic going to a specific IP address to localhost. I'm using the AppVM
> for Malware Analysis, so I usually have no NetVM connected. I've tried a
> few iptables commands that I found via web search, but none of them did
> the trick.
> 
> Could someone show me how to do this in Qubes 3.2?
> 
> 
> Best regards,
> 
> Michael

An interesting thought just hit me when reading your post. You could,
hypothetically speaking, instead of a localhost, use a second VM or multiple
VMs, and tie all the VMs together. You'd need something akin to an offline
sys-net/sys-firewall somehow, or maybe just an offline software router HVM
operating system instead. Basically, any software that can send/receive like a
router, facilitating your malware network.
 
Either way, the Qubes firewall base config can be found here. As long as none
of the VMs have internet, it should hypothetically be safe (it's out of my
league to say with certainty), i.e. if you go for the easy option and make an
isolated offline shadow-clone of the existing network structure.
https://www.qubes-os.org/doc/firewall/

I mean, it'd have to be malware specialized in attacking VMs or Qubes
specifically, otherwise it shouldn't be harmful. Since you control what kind of
malware you unleash, such an isolated and offline parallel network within Qubes
should hypothetically be safe. If still concerned, you could use another
PC/laptop to create the network and make use of airgap security instead of
virtualization.

It'd be akin to making your own little internet between VMs inside Qubes, next
to your other online networked Qubes. Considering your goals to investigate
malware, this may in some cases even prove an interesting experiment.

Basically, creating your own little playground, or sandbox if you will, with
various different operating systems and system settings.
