[HOWTO] Give win7 HVM an IP but no net access

[jewgleje...@gmail.com]

Just thought I'd leave this here.
Maybe it works for you, maybe it does not.

1. Shutdown whatever VMs are needed, and the sys-firewall
2. Open terminal in dom0, qvm-clone the sys-firewall
3. Set it to deny all traffic except to the IP that you want to https://xpra.org/ into your win7 HVM from. VNC is insecure by design which is why Subgraph OS doesn't use it; correct me if I am talking shit
4. Remove the sys-net from your cloned sys-firewall

Profit.

You now have a win7 instance with an internal IP that can communicate with other VMs, but no access to the inet.