On Mon, Aug 11, 2014 at 5:38 PM, Anton Gorlov <stalker@xxxxxxxxxxx> wrote:
Hi all.
What right way to protect ip/mac spoofing for guests withnount dhcp and
other 1 ip per guest?
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
Libvirt manages iptables, ebtables, etc via nwfilter. You can add a filterref to your guest xml. This libvirt documentation covers this topic. It sounds like you will want to implement the clean-traffic filter.
From a similar libvirt document there is this reference which sounds like what you want to implement.
"Most of these are just building blocks. The interesting one here is 'clean-traffic'. This pulls together all the building blocks into one filter that you can then associate with a guest NIC. This stops the most common bad things a guest might try, IP spoofing, arp spoofing and MAC spoofing."
Regards,
Jamie Ian Fargen
_______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
