On 05/01/2015 04:13 PM, drift@xxxxxxxxxxxxxxx wrote: > To take advantage of the filters, is it as simple as adding these > couple of lines in a guest's xml file like the example from > https://libvirt.org/formatnwfilter.html#nwfconcepts ? > > <devices> > <interface type='bridge'> > <mac address='00:16:3e:5d:c7:9e'/> > <filterref filter='clean-traffic'> > <parameter name='IP' value='10.0.0.1'/> > </filterref> > </interface> > </devices> Yes. Alternately, you can replace the <parameter> line above with: <parameter name='CTRL_IP_LEARNING' value='dhcp'/> and if the guest is using dhcp to get an IP address, libvirt will notice that and automatically use whatever IP address is assigned. > > Can multiple filters be combined together like this? > > <filterref filter='clean-traffic' filter='no-ip-multicast'> > <parameter name='IP' value='10.0.0.1'/> > </filterref> No. To use multiple filters, you need to define your own nwfilter rule that references multiple rules, then reference that single new rule from the <interface> config. This is a really good reference for nwfilter: https://libvirt.org/formatnwfilter.html > > Can the IP address parameter override the one in > /etc/network/interfaces on the guest? nwfilter just filters traffic with the given IP address. It doesn't tell the guest what address to try and use, just sets up filters based on the IP address you tell it (and in the case of the clean-traffic rule, it prevents the guest from using any other IP address). > > > When cloning a vm does it change the ip to avoid conflicts like it > would with mac-addresses? No. A management application on the host doesn't necessarily even know the IP address that will be configured in the guest. Of course if the guests are using dhcp, and you set the CTRL_IP_LEARNING parameter instead of a fixed IP address, then you've achieved what you wanted. _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
