On Tue, Jun 06, 2017 at 08:50:45PM +0200, Chris wrote: > Chris wrote: > > I'm trying to setup a network with some virtual machines, that can connect > > to each other and to the internet, but neither to the host nor to other > > VMs. > > Thank you for your replies. Unfortunately, I didn't mention, that I'd like > to be able to test malicious software, so my network filtering shouldn't > depend on the guests' IP addresses. I think I have to setup a new virtual > "virus" interface and configure iptables on the host for this interface. > Is this possible? You can use the network filters to setup antispoofing protection for both IP addresses and MAC addresses. In fact this is what the "clean-traffic" example filter libvirt provides will do for you. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
