Block Internet Access to Guest VM? (General Request for Firewall Guidance)

[js2]

Hi Everyone,

I would like to block a vm from accessing the internet. It's Windows, so my preference is to do this outside of the OS (in Proxmox). In my mind, I can see how adding a few rules to block the public ip address range would work. I would like for this to be all protocols. I have taken a few swings at it, and I looked at the Firewall documentation page, but it still doesn't seem to be working. I made sure I enabled the firewall in the gui.

In general, is learning iptables the best way to push myself in the direction at getting better at this?

Thank you!!!

 

[Dunuin]

You also need to enable the firewall on datacenter level or any enabled VM/LXC firewall rules will be ignored.

By default a VMs firewall will block all incoming traffic and allow all outgoing traffic. So if you want to block internet access for that VM I would change that so that all incoming outgoing traffic will be dropped too.
You can then add a rule that allows all outgoing traffic on all ports for targets that are within your LANs IP range.