From 238dcbc2b9c03473e1e02cf87776ff67ba3adea5 Mon Sep 17 00:00:00 2001
From: Roger Luethi <rl@patchworkscience.org>
Date: Tue, 17 Jun 2014 17:50:19 +0200
Subject: [PATCH] Port forwarding only from localhost interface

The current code configures port forwarding to the VM from all host
interfaces.

Most users probably don't want to expose their unsecured VMs to their
local network (or worse).

This patch limits port forwarding to the host's 127.0.0.1 interface.

Partial-Bug: 1312764
Implements: blueprint openstack-training-labs
Change-Id: Ib28439c728691510ac710544564e92193e66bf52
---
 labs/lib/osbash/virtualbox.functions | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/labs/lib/osbash/virtualbox.functions b/labs/lib/osbash/virtualbox.functions
index 6b9e4512..715a2ad0 100644
--- a/labs/lib/osbash/virtualbox.functions
+++ b/labs/lib/osbash/virtualbox.functions
@@ -288,12 +288,13 @@ function vm_mem {
     $VBM modifyvm "$NAME" --memory "$MEM"
 }
 
+# Port forwarding from host to VM (binding to host's 127.0.0.1)
 function vm_port {
     local NAME="$1"
     local DESC="$2"
     local HOSTPORT="$3"
     local GUESTPORT="$4"
-    $VBM modifyvm "$NAME" --natpf1 "$DESC,tcp,,$HOSTPORT,,$GUESTPORT"
+    $VBM modifyvm "$NAME" --natpf1 "$DESC,tcp,127.0.0.1,$HOSTPORT,,$GUESTPORT"
 }
 
 function vm_nic_hostonly {