Sandbox Rocky9 VM

Hi everyone,

Am trying to sandbox a Rocky9 VM deployed via KASM. The main goal is to keep data from leaving the machine. Was wondering if anyone is able to point me to some software to restrict internet usage from the VM, and after am trying to disable commands such as ssh, rsync, etc.

The users accessing VM should only have limited access via the browser to a few local servers.

Anyone, any ideas?

You(?) can have things on two layers: on hypervisor and in the guest. Both can filter traffic (aka firewall).

The default firewall in Rocky is configured with FirewallD and allows all outbound traffic, but only select inbound traffic.

You should probably replace firewalld.service with nftables.service and ruleset that allows outbound connections to select resources.

Ok, fair enough. What would you recommend in terms disabling the commands?
Also, I am a novice, if you could give some examples I would be super grateful.

Thank you for the answer as well.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.