Denying the VM Access to the LAN

mashroofa

Jun 6, 2022
What I'm trying to achieve is to have a VM that has no way of communicating with the rest of the devices on the LAN.

The configuration below seems to work, but I wanted some of your thoughts on it.
[Image: 1656949856062.png]
My aim is to have the VM accessible by another person using a remote tool (e.g., AnyDesk) but prevent them (or malicious actors) from interfering with other devices on my home network. Moreover, I want to achieve this without VLANs.

After applying the above firewall rule, using Nmap (within the VM) I was only able to list my home devices' IPs and MAC addresses but not see their open ports. Is this secure enough?

Many thanks for the feedback!
 
I would create a DMZ subnet with its own bridge not connected to a physical NIC, set up an OPNsense VM and let it route between LAN and DMZ using virtual NICs.
 
I would create a DMZ subnet with its own bridge not connected to a physical NIC, set up an OPNsense VM and let it route between LAN and DMZ using virtual NICs.
Thank you for the information, but since my use case is simple I don't want to go into setting up something "more complex". So what is your idea about how I approach this with the firewall rules?