Let's say you are running a virtual machine inside a VNet. By default, outbound internet access is allowed from the VM. You have a requirement to block that internet traffic. In this blog we will see how to block outbound internet traffic from the VM using a route table (user-defined route).
We have created one VM inside a virtual network, with a network interface and a public IP assigned to it. We can reach the VM inside the virtual network, and also over its public IP.
Network Diagram-
On the network interface, the Effective routes option shows the routes that currently apply to the NIC. At this point they are all system (default) routes, including the 0.0.0.0/0 route with next hop Internet, which is what allows the outbound internet traffic.
Now let's create a custom route using a route table to block outbound internet traffic from the VM.
Step-1 In the Azure portal, choose Route table.
Step-2 Create the route table in the same resource group and region as the virtual network. By default Propagate gateway routes is set to Yes; leave it that way. It is required in a hybrid network so that routes learned by the virtual network gateway (VPN or ExpressRoute) are still propagated to the subnet.
Step-3 Let's create the route. For Destination address prefix I choose the wildcard range 0.0.0.0/0, so anything outbound that no more specific route claims is covered by this rule. For Next hop type you can choose Virtual network gateway for a hybrid network (on-premises and cloud, via VPN or ExpressRoute), Virtual network to override default routing within the VNet's own address space, Internet for public access, Virtual appliance to send traffic to a network virtual appliance such as a firewall (identified by its private IP address), or None to drop the traffic, which is what I have chosen in my case.
Step-4 Now let's go to the subnet and associate our newly created route table with it.
Step-5 Now let's go to the network interface and check the effective routes after associating the route table with the subnet. The custom (user-defined) route now appears in the list, because the NIC sits in the default subnet that the route table is attached to.
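The same five steps can be done from the Az PowerShell module instead of the portal. This is an added example and is not from the original post; the resource group, region, VNet, subnet and NIC names are assumptions, so replace them with your own.

```powershell
# Added example (not from the original post): blocking outbound internet from a
# subnet with a user-defined route 0.0.0.0/0 -> None using Az PowerShell.
# All resource names below are assumptions; replace them with your own.
$rg         = 'rg-demo'            # assumed resource group of the VM/VNet
$location   = 'eastus'             # assumed region; must match the VNet
$vnetName   = 'vnet-demo'          # assumed
$subnetName = 'default'            # assumed
$nicName    = 'vm-demo-nic'        # assumed NIC of the VM
$rtName     = 'rt-block-internet'

# Step 2: route table in the same resource group and region.
# Gateway route propagation stays enabled (the default), so on-premises
# routes learned via a VPN/ExpressRoute gateway still reach the subnet.
New-AzRouteTable -Name $rtName -ResourceGroupName $rg -Location $location | Out-Null

# Step 3: user-defined route 0.0.0.0/0 -> None drops all traffic that no
# more specific route (VNet address space, peering, gateway) claims.
$rt = Get-AzRouteTable -Name $rtName -ResourceGroupName $rg |
      Add-AzRouteConfig -Name 'DropInternet' -AddressPrefix '0.0.0.0/0' -NextHopType None |
      Set-AzRouteTable

# Step 4: associate the route table with the subnet.
$vnet   = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Step 5: effective routes on the NIC (the VM must be running for this call).
# Expect the system 0.0.0.0/0 -> Internet route with State = Invalid and the
# user route 0.0.0.0/0 -> None with State = Active.
Get-AzEffectiveRouteTable -NetworkInterfaceName $nicName -ResourceGroupName $rg |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress |
    Format-Table -AutoSize
```

After running this, confirm the result from inside the VM as well: a connection to a public address (for example a web site on port 443) should time out, while connections to other VMs in the VNet address space should still succeed, because the VNet system route is more specific than 0.0.0.0/0 and therefore still wins.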
Now you can see below that the system route for 0.0.0.0/0 has become Invalid and the user-defined route that drops all outbound internet traffic is Active. Azure does not let you delete system routes, but a user-defined route with the same address prefix takes priority over the system route and overrides it. Two things to keep in mind before you roll this out: first, 0.0.0.0/0 to None also drops traffic to Azure public endpoints such as Storage, Key Vault, Windows Update and KMS activation, so anything the VM needs there has to go through a service endpoint, a private endpoint, or a firewall (Virtual appliance next hop) instead; second, verify that you can still reach the VM over its public IP after associating the route table, and if you cannot, use Azure Bastion or a jump box inside the VNet for management. If you only need a simple deny, an outbound NSG rule denying the Internet service tag is the alternative to a route table.
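To make the two rules behind that Effective routes screen concrete (longest-prefix match decides which route applies, and for an identical prefix a user-defined route beats a BGP route, which beats a system route), here is a small Python model of the selection. This is an added example and is not code from the original post or from Azure; the route list is constructed to resemble the routes on this VM's NIC, and the priority ordering is Azure's documented one.

```python
# Added example (not from the original post): a simplified model of how Azure
# selects the route for an outbound packet, so the Active/Invalid states in
# the NIC's "Effective routes" blade can be reasoned about offline.
import ipaddress

# Priority when several routes share the same address prefix (Azure rule):
# user-defined route > BGP route (via gateway) > system (default) route.
SOURCE_PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

# Constructed sample: what the NIC in this post sees after Step-5, assuming
# a VNet address space of 10.0.0.0/16. 10.0.0.0/8 -> None is one of Azure's
# optional default routes; the last entry is the user-defined route.
SAMPLE_ROUTES = [
    {"source": "Default", "prefix": "10.0.0.0/16", "next_hop": "VirtualNetwork"},
    {"source": "Default", "prefix": "10.0.0.0/8",  "next_hop": "None"},
    {"source": "Default", "prefix": "0.0.0.0/0",   "next_hop": "Internet"},
    {"source": "User",    "prefix": "0.0.0.0/0",   "next_hop": "None"},
]


def effective_routes(routes):
    """Return a copy of routes with a 'state' field, the way the Effective
    routes blade shows them: for each prefix only the highest-priority
    source is Active; every other route for that prefix is Invalid."""
    best = {}
    for r in routes:
        net = ipaddress.ip_network(r["prefix"])
        if net not in best or SOURCE_PRIORITY[r["source"]] < SOURCE_PRIORITY[best[net]["source"]]:
            best[net] = r
    return [
        dict(r, state="Active" if best[ipaddress.ip_network(r["prefix"])] is r else "Invalid")
        for r in routes
    ]


def next_hop(routes, destination):
    """Longest-prefix match over the Active routes: the most specific prefix
    that contains the destination decides the next hop."""
    dst = ipaddress.ip_address(destination)
    candidates = [
        r for r in effective_routes(routes)
        if r["state"] == "Active" and dst in ipaddress.ip_network(r["prefix"])
    ]
    if not candidates:
        return "None"  # no matching route: Azure drops the packet
    return max(candidates, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)["next_hop"]


if __name__ == "__main__":
    for r in effective_routes(SAMPLE_ROUTES):
        print(f'{r["source"]:8} {r["state"]:8} {r["prefix"]:13} -> {r["next_hop"]}')
    for dst in ("10.0.1.4", "10.5.0.1", "8.8.8.8"):
        print(f"{dst:10} -> {next_hop(SAMPLE_ROUTES, dst)}")
```

Running it shows the system 0.0.0.0/0 route as Invalid and the user route as Active, a VNet-internal address still going to VirtualNetwork, and 8.8.8.8 going to None. Remove the user-defined entry from the list and 8.8.8.8 goes back to Internet, which is exactly the before/after this post walks through in the portal.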
Thanks for reading.