
Re: sandbox for Window$



Russell L. Harris <rlharris@broadcaster.org> wrote:
> I wish files on a machine running Window$ to be accessible to other
> computers in the LAN, while preventing the Window$ machine from
> accessing the Internet for http, ftp, email, etc.  And, the Window$
> machine must not be able to see or communicate with other machines in
> the LAN, except for file transfers initiated by the other machines.

If you were to run MS Windows in a VM or behind a Linux-based server you
could use iptables to do this. You would probably benefit from something
to help you set up the rules in the FORWARD chain. For example -

FORWARD: From MS Windows to LAN
        Allow established
        DENY all

FORWARD: From MS Windows to Anywhere
        DENY all

FORWARD: From LAN to MS Windows
        Allow all

FORWARD: From Anywhere to MS Windows
        DENY all

My preferred subsystem layer is shorewall. Others will prefer different
subsystems, including GUI-based helpers. Still others will prefer writing
iptables rules directly.

Chris
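
Added example, not part of the message above: one way to express the four-part FORWARD policy as plain iptables commands, using a dedicated chain so the rules can be reviewed and reloaded as a unit. It assumes the Windows machine sits on its own routed subnet behind the Linux host; the chain name WINBOX, the log prefix and the addresses are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands for the policy above.
# Assumption: traffic between the Windows host and the LAN is routed through
# this Linux box, so it traverses FORWARD. Traffic addressed to the Linux box
# itself goes through INPUT and is not covered here.

# emit_forward_rules WIN_ADDR LAN_NET
#   WIN_ADDR  address of the Windows machine (constructed sample: 10.99.0.2)
#   LAN_NET   LAN subnet in CIDR form (constructed sample: 192.168.1.0/24)
emit_forward_rules() {
    win=$1
    lan=$2
    if [ -z "$win" ] || [ -z "$lan" ]; then
        echo "usage: emit_forward_rules WIN_ADDR LAN_NET" >&2
        return 2
    fi
    # Order matters inside WINBOX: the first matching rule decides.
    cat <<EOF
iptables -N WINBOX
iptables -A WINBOX -s $win -d $lan -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A WINBOX -s $lan -d $win -j ACCEPT
iptables -A WINBOX -m limit --limit 6/min -j LOG --log-prefix "winbox-drop: "
iptables -A WINBOX -j DROP
iptables -I FORWARD 1 -s $win -j WINBOX
iptables -I FORWARD 1 -d $win -j WINBOX
EOF
}

# Rule 2: Windows -> LAN, replies only (connections the LAN side opened).
# Rule 3: LAN -> Windows, allow all.
# Rules 4-5: everything else to or from Windows (Internet included) is
#            logged at a limited rate and dropped.
# Rules 6-7: send all forwarded traffic involving the Windows host to WINBOX
#            ahead of any existing FORWARD rules.

# Print the commands for the sample addresses when run as a script.
emit_forward_rules 10.99.0.2 192.168.1.0/24
```

Review the printed commands, then pipe them to `sh` as root to apply them.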

