[OpenIndiana-discuss] Using ipfilter with bridged virtualbox guests

Nick Brown nickbrown at fastmail.fm
Sun Aug 21 12:01:16 UTC 2011


Hi folks. My first post here.

I've just built a new box with oi_148, with the intention of running a
bunch of VirtualBox guests on it. The host computer only has one
physical network adapter (bge0), and the guests' network adapters are
bridged to it. (I'm running VirtualBox 4.1). So far so good.

I'd really like to be able to use ipfilter to limit the extent of
network access of each of these guests. I've tried filter rules like...

block out from 10.0.0.30 to any
block in from any to 10.0.0.30

...where 10.0.0.30 is the IP of one of the guests, and I also tried
including "on bge0", but while I can see it blocking traffic between the
host and guest, it has no effect on traffic between the guest and the
rest of the LAN. 

I also tried creating a virtual NIC, "vnic0", using dladm, which I then
configured VirtualBox to bridge the guest to, and modified my filter
rules with "on vnic0", but it made no difference; guests still got
unrestricted access to the rest of the network.

Grateful for any suggestions.

Cheers,
Nick Brown


