Is there a way to block a client from the Internet but allow certain URLs?

jorgsmash

Regular Contributor
My goal is to test the effectiveness of Carbon Black Cloud against ransomware. I have a VM set up and will have that on the guest wifi network that blocks it from accessing any other clients on my main LAN. My goal is to have Carbon Black Cloud sensor installed and a Splunk forwarder installed. I'd like to download some malware samples, and then enable full blocking mode outbound with the exception of allowing Carbon Black Cloud sensor to communicate out and the Splunk forwarder to communicate out. The documentation for Carbon Black and Splunk Cloud only provide DNS names/URLS, because the applications are load-balanced and IPs change frequently. Is there a way I can block a specific client from all Internet access while still allowing access to a small set of URLs/DNS names/port numbers?

I have the YazFi script installed and I looked into the x3mrouting script but neither seem to offer this functionality. I tried using the search function, but haven't found anyone asking this specific question.

Thanks!
 

Yota

Very Senior Member
The best way is for you to run a proxy server on another computer and let the virtual machine's traffic go through the proxy server, so you can monitor the traffic and filter or block the traffic you don't want.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top