Invention Grant
- Patent Title: Guest netfilter protection by virtual machine function
- Application No.: US15251462
- Application Date: 2016-08-30
- Publication No.: US10257166B2
- Publication Date: 2019-04-09
- Inventor: Michael Tsirkin
- Applicant: Red Hat Israel, Ltd.
- Applicant Address: IL Ra'anana
- Assignee: Red Hat Israel, Ltd
- Current Assignee: Red Hat Israel, Ltd
- Current Assignee Address: IL Ra'anana
- Agency: K&L Gates LLP
- Main IPC: H04L29/06
- IPC: H04L29/06 ; G06F12/1009 ; G06F9/455

Abstract:
A system and method for guest netfilter protection using a virtual machine function includes a memory, one or more processors, in communication with the memory, a virtual machine, a hypervisor, and a virtual network interface controller on the virtual machine. The virtual machine and the hypervisor are configured to execute on the one or more processors. The hypervisor is configured to boot a guest operating system on the virtual machine. Then, the guest operating system is configured to send a list of networking filter rules to a virtual machine function executing on the virtual machine. The virtual machine function is configured to store the list of networking filter rules in a virtual machine function memory. The hypervisor is further configured to prevent the guest operating system from directly accessing the virtual network interface controller and allow the virtual machine function to access the virtual network interface controller.
Public/Granted literature
- US20180063083A1 GUEST NETFILTER PROTECTION BY VIRTUAL MACHINE FUNCTION (Public/Granted day: 2018-03-01)