Re: sandbox for Window$
Russell L. Harris <rlharris@broadcaster.org> wrote:
> I wish files on a machine running Window$ to be accessible to other
> computers in the LAN, while preventing the Window$ machine from
> accessing the Internet for http, ftp, email, etc. And, the Window$
> machine must not be able to see or communicate with other machines in
> the LAN, except for file transfers initiated by the other machines.

If you were to run MS Windows in a VM or behind a Linux-based server you
could use iptables to do this. You would probably benefit from something
to help you set up the rules in the FORWARD chain. For example -

    FORWARD: From MS Windows to LAN
        Allow established
        DENY all

    FORWARD: From MS Windows to Anywhere
        DENY all

    FORWARD: From LAN to MS Windows
        Allow all

    FORWARD: From Anywhere to MS Windows
        DENY all

My preferred subsystem layer is shorewall. Others will prefer different
subsystems, including GUI-based helpers. Still others will prefer writing
iptables rules directly.

Chris
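
The FORWARD policy outlined in the message above, written out as raw iptables rules in iptables-restore format (an added example, not part of the original message). The interface names win0 and lan0 are assumptions: they stand for the Linux router's interfaces facing the MS Windows machine and the rest of the LAN.

```shell
#!/bin/sh
# Added example: emit the four FORWARD rule groups from the message, in order.
# win0 / lan0 are assumed (constructed) interface names; pass the real ones.

gen_forward_rules() {
    win_if=$1   # interface facing the MS Windows machine or VM
    lan_if=$2   # interface facing the rest of the LAN
    if [ -z "$win_if" ] || [ -z "$lan_if" ]; then
        echo "usage: gen_forward_rules WIN_IF LAN_IF" >&2
        return 2
    fi
    if [ "$win_if" = "$lan_if" ]; then
        # Interface matching cannot separate the two sides if they share one.
        echo "WIN_IF and LAN_IF must be different interfaces" >&2
        return 2
    fi
    cat <<EOF
*filter
# From MS Windows to LAN: only replies on connections the LAN opened
-A FORWARD -i $win_if -o $lan_if -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -i $win_if -o $lan_if -j DROP
# From MS Windows to anywhere
-A FORWARD -i $win_if -j DROP
# From LAN to MS Windows
-A FORWARD -i $lan_if -o $win_if -j ACCEPT
# From anywhere to MS Windows
-A FORWARD -o $win_if -j DROP
COMMIT
EOF
}

# Syntax-check the rules, then append them to the live FORWARD chain
# without flushing what is already loaded. Needs root.
apply_forward_rules() {
    rules=$(gen_forward_rules "$1" "$2") || return
    printf '%s\n' "$rules" | iptables-restore --test --noflush || return
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Example invocation (as root): apply_forward_rules win0 lan0
```

The rules are appended, so an ACCEPT rule already present earlier in FORWARD would still match first.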