Can 'not' block virtualbox traffic with firewall


  1. Posts : 5
    Windows 10
       #1

    Can 'not' block virtualbox traffic with firewall


    I am trying to configure my Windows system such I can block VirtualBox VM traffic to for example the internet but not the local network. That is I have some services on my local network that my VMs must access but I want to block all traffic outside of the local network e.g. to and from the Internet.

    I am using Windows 10 and chose to use the Windows Firewall as the configuration can be added to group policy and enforced for all users. I note VirtualBox has several services and processes, and assume virtualboxvm.exe is the process for the running VM (?). I then configure rules to block all protocols and ports for the virtualboxvm.exe for all networks (domain, private, public) both inbound and outbound. However, when running a simple ping or browser on the VM access to the internet is still possible. My rule works fine when I change it to apply for all executables.

    Any ideas why I cannot block VirtualBox network traffic via the Windows Firewall?

    (Also posted here: virtualbox.org • View topic - Can 'not' block virtualbox traffic with firewall)
    Last edited by deanwarrenuk; 05 Sep 2019 at 03:51.
      My Computer

  2. lx07's Avatar
    Posts : 5,479
    2004
       #2

    Would or internal or host only networking do what you want? Both block access to internet.
      My Computer

  3. Samuria's Avatar
    Posts : 6,206
    windows 10
       #3

    On vb network set it with no default gateway so it doesn't know how to get to the net and can only use lan
      My Computer


  4. Posts : 5
    Windows 10
    Thread Starter
       #4

    @lx07 Thanks for your input. No, I don't think 'internal' network mode will help as it restricts the guest VM to only be able to communicate with other guest VMs on the host. Thus would not be able to commuicate with services on the local network (i.e. not on the host). Also 'internal' doesn't allow the host to communicate with the guest VM. The 'host-only' is like 'internal' but with the additional of the host being able to commuicate with the guest VM, so again no ability to communicate with the local network.
      My Computer


  5. Posts : 5
    Windows 10
    Thread Starter
       #5

    @Samuria thanks for your reply. I assume you are saying set the default gateway on the guest VM, as far as I know there is no way to do this for VirtualBox(?). In which case this would have to be done on a guest VM basis, which is not ideal. Really I want a mechanism whereby users can configure their guest VMs as needed, but internet is blocked and key local network based services are allowed and can be enforced, i.e. firewall. However the firewall doesn't seem to block VirtualBox.
    Last edited by deanwarrenuk; 05 Sep 2019 at 07:00.
      My Computer

  6. lx07's Avatar
    Posts : 5,479
    2004
       #6

    Says here blocking virtualbox.exe (not virtualboxvm.exe) works with nat but I didn't try it. They were doing to opposite to what you want (blocking lan) but may be worth a try with that program name.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:47.
Find Us




Windows 10 Forums