[plug] Firewalling virtual machines

Brad Campbell brad at fnarfbargle.com
Tue Nov 29 22:35:26 AWST 2016


On 29/11/16 21:21, Thomas Cuthbert wrote:
> This does look cool - if you ever get a chance to test graphics passthru
> let me know. I have been wanting to concurrently run my gaming rig and
> linux workstation for a few years now but the technology just hasn't
> been there (or at least in a non-complicated way)
>

I toyed with PCIe passthrough on an old AMD GPU a few years ago, but I 
didn't really have a use case for it as I haven't played a game since 
"The Incredible Machine 1 & 2" and they run great in DOSBox.

I'm waiting for the new Intel GPU acceleration passthrough to mature as 
a number of packages I test would benefit from h264 decode offload on 
anything newer than an Intel 3xxx CPU.

As for windows, no I don't generally install updates and I sure as heck 
don't ever let anything auto-update. I have installed service packs from 
time to time, but purely as a manual download/install.

I tend to use Windows VMs as a means to run one or more specific pieces 
of software, and as such I'm not worried about updates or getting infected.

There are a couple of pretty good block lists for proxies to block 
Windows telemetry, but you can't really block telemetry and allow 
auto-update as they seem to have some common servers in there. If you 
block telemetry Windows will try a plethora of different servers and 
URLs to try and get around the block, and by the time you've finished 
the game of 'whack-a-mole' you've blocked most of Microsoft and a whole 
heap of domains you never knew they owned.

I've looked at the whitelist-only proxy idea, but there is currently 
nothing I need to access from any isolated machines so it's a long way 
down the list. If I were to do it I'd use privoxy.

I do run squid as a general proxy and that has a pretty long blacklist 
(including all the known MS telemetry domains) to prevent iOS devices or 
Windows machines getting updates or phoning home. VMs are strictly 
contained and completely isolated from the proxy also (as are my Chinese 
CCTV cameras).


-- 
Dolphins are so intelligent that within a few weeks they can
train Americans to stand at the edge of the pool and throw them
fish.
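
The two proxy approaches mentioned in the mail above, a deny-list of telemetry domains and a whitelist-only policy for isolated machines, as an added squid.conf example that is not from the post or its author; the domain files, subnets and ACL names are constructed placeholders.

```conf
# Added example, not from the original mail. squid evaluates http_access
# rules top-down and stops at the first match, so ordering is the policy.

# --- Approach 1: deny-list (what the mail describes running) ---
# One domain per line in the file; a leading dot also matches subdomains,
# e.g. ".telemetry.example". dstdomain matches the host in plain HTTP
# requests and in the CONNECT line of HTTPS tunnels, so no TLS
# interception is needed. Deny-lists are never complete (the
# "whack-a-mole" problem); they reduce noise rather than guarantee silence.
acl telemetry_block dstdomain "/etc/squid/blocked-domains.txt"   # constructed path
http_access deny telemetry_block

# --- Approach 2: whitelist-only for isolated machines ---
# Inverts the failure mode: an unknown destination is refused, not allowed.
acl isolated_vms src 10.0.50.0/24                                 # constructed subnet
acl allowed_dst dstdomain "/etc/squid/allowed-domains.txt"        # constructed path
http_access allow isolated_vms allowed_dst
http_access deny isolated_vms

# --- Everything else on the LAN: ordinary proxy use, then catch-all deny ---
acl localnet src 192.168.1.0/24                                   # constructed subnet
http_access allow localnet
http_access deny all
```

A whitelisted client can still only reach hosts in allowed-domains.txt even if one of them also appears in the deny-list, because the deny rule for telemetry_block runs first; move it below the whitelist rules if the isolated machines should be exempt from it.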