On Fri, May 17, 2024 at 11:25 AM Michal Prívozník <mprivozn@xxxxxxxxxx> wrote: > > On 5/17/24 14:21, Anchal Nigam wrote: > > I don't have a router that I can create custom rules to block things. I was hoping there would be a way to do this entirely on the host but it doesn't look like it is possible. > > > > macvtap IS purely host thing. No need to set anything on the router. In > fact, you'd need a special switch if you wanted two guests using macvtap > on the same host to talk to each other (it's called hairpinning). > > Michal If it was my setup I would - Create an internal network for these test guests - Connect the network to the router using a vlan or a specific network/30 with a route definition on the vm server. Ideally you could then say in said router that any traffic coming from network/30 goes straight outside.
