On Mon, Jun 05, 2017 at 01:58:26PM +0200, Chris wrote:
> All,
>
> I'm trying to set up a network with some virtual machines, that can connect
> to each other and to the internet, but neither to the host nor to other
> VMs.
>
> Is there any preconfigured network filter or best-practice for this setup?
> Of course, I could set up iptables rules on the host, but I'd prefer
> libvirt to handle them.

This can be done with the libvirt nwfilter APIs/commands, which will
automate the create/teardown of ebtables rules at vm start/stop.

You would have to ensure VMs get fixed IP addresses, and then define
some rules that block the VM subnet, except for whitelisted entries,
as well as blocking the host IP, but leaving other stuff open (to
allow internet access).

Regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
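A sketch of the kind of nwfilter rule set the reply describes, added here as an illustration and not taken from the thread or from libvirt's shipped filters. The filter name `isolate-guest`, the variables `HOST_IP` and `ALLOWED_PEER`, and all addresses are assumptions constructed for the example; it also assumes each guest is configured statically with its fixed address.

```xml
<!-- Constructed values: guest subnet 192.168.122.0/24, host at 192.168.122.1,
     this guest fixed at 192.168.122.10, one whitelisted peer at 192.168.122.20.
     The filter name and the HOST_IP / ALLOWED_PEER variables are hypothetical. -->

<!-- 1. Filter definition (chain 'ipv4' is implemented with ebtables).
        direction='out' means packets sent by the guest. -->
<filter name='isolate-guest' chain='ipv4'>
  <!-- The guest may only send from its own fixed address -->
  <rule action='drop' direction='out' priority='100'>
    <ip match='no' srcipaddr='$IP'/>
  </rule>
  <!-- Whitelisted entries are accepted before the subnet block below -->
  <rule action='accept' direction='out' priority='200'>
    <ip dstipaddr='$ALLOWED_PEER'/>
  </rule>
  <!-- Block the host's own address. Routed traffic is unaffected, because
       its destination IP is the remote endpoint, not the gateway. -->
  <rule action='drop' direction='out' priority='300'>
    <ip dstipaddr='$HOST_IP'/>
  </rule>
  <!-- Block the rest of the VM subnet -->
  <rule action='drop' direction='out' priority='400'>
    <ip dstipaddr='192.168.122.0' dstipmask='24'/>
  </rule>
  <!-- No final drop rule: all other destinations stay open -->
</filter>

<!-- 2. Guest interface: attach the filter and supply the per-guest values -->
<interface type='network'>
  <source network='default'/>
  <filterref filter='isolate-guest'>
    <parameter name='IP' value='192.168.122.10'/>
    <parameter name='HOST_IP' value='192.168.122.1'/>
    <parameter name='ALLOWED_PEER' value='192.168.122.20'/>
  </filterref>
</interface>
```

The filter part is loaded with `virsh nwfilter-define`, and the rules are stateless and IPv4-only, so ARP and IPv6 need their own handling. Because the host address is blocked, a guest using this filter cannot reach DHCP or DNS services running on the host and needs a resolver elsewhere.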