Re: sandbox for Window$
- From: Chris Davies <chris-usenet@xxxxxxxxxxxx>
- Date: Thu, 11 Nov 2010 13:19:11 +0000
Russell L. Harris <rlharris@xxxxxxxxxxxxxxx> wrote:
I wish files on a machine running Window$ to be accessible to other
computers in the LAN, while preventing the Window$ machine from
accessing the Internet for http, ftp, email, etc. And, the Window$
machine must not be able to see or communicate with other machines in
the LAN, except for file transfers initiated by the other machines.
If you were to run MS Windows in a VM or behind a Linux-based server you
could use iptables to do this. You would probably benefit from something
to help you set up the rules in the FORWARD chain. For example -
FORWARD: From MS Windows to LAN
Allow established
DENY all
FORWARD: From MS Windows to Anywhere
DENY all
FORWARD: From LAN to MS Windows
Allow all
FORWARD: From Anywhere to MS Windows
DENY all
My preferred subsystem layer is shorewall. Others will prefer different
subsystems, including GUI-based helpers. Still others will prefer writing
iptables rules directly.
Chris
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/f37tq7x4b8.ln2@xxxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: sandbox for Window$
- From: Nuno Magalhães
- Re: sandbox for Window$
- References:
- sandbox for Window$
- From: Russell L. Harris
- sandbox for Window$
- Prev by Date: Re: XDMCP mess
- Next by Date: Re: sandbox for Window$
- Previous by thread: Re: sandbox for Window$
- Next by thread: Re: sandbox for Window$
- Index(es):
Relevant Pages
|
