Host/VM network isolation, outbound firewall/traffic whitelisting for VM and Containers (e.g. QEMU and Bubblewrap)

Hi guys

I would like to run some untrusted software (closed source commercial software for both Windows and Linux) on my PC.

I'm planning to run them in VMs and containers, e.g. QEMU and bubblewrap for the Windows and Linux apps respectively. But there is still a problem: by giving them internet access, I literally open a backdoor in my network. They technically can phone home and expose everything I have on my network.

Is there any way to give these apps internet access (limited to a range of addresses I whitelist) but no access to my host or local network?

I can probably figure out how to achieve this by using iptables and virtual interfaces on my host. But it feels cumbersome and adds extra work for managing my host. I have little experience using iptables; if I mess up my host, it will be hard for me to fix it.

Any more convenient way to do this? Is it possible to do this with QEMU and Containers? So that all I need is to maintain a script for starting up the VM/Container?

Something like this:
qemu … -net whitelist=www.google.com
bubblewrap … -net whitelist=www.google.com

Any good ideas?

Thanks
D