Currently I am using this for the network. <network> <name>Internal</name> <bridge name='virbr2' stp='on' delay='0'/> </network> And then for the VM. <interface type='network'> <source network='Internal'/> <model type='virtio'/> <driver name='qemu'/> </interface>* I would like to avoid the host `virbr2` interface. This is because ideally package sniffers on the host such as tshark / wireshark would be unable to see these packages following between an internal network between two VMs.
* SLIRP should be avoided due to past security issues. [1]* dnsmasq on the host operating system or inside the VMs should also be avoided in favor of static IP addresses.
By comparison, this is possible in VirtualBox. [2]Is that possible with KVM too? Could you please show an example configuration file on how to accomplish that?
[1] CVE-2019-6778[2] VirtualBox has this capability. VirtualBox can have an internal network using static networking. No vibr bridge interfaces can be seen on the host operating system. And VM to VM internal traffic is not visible to package analyzers on the host operating system either.
Regards, Daniel -- Daniel Winzen Steinkaulstr. 47 52070 Aachen Germany Web: https://danwin1210.de/ E-Mail: daniel@xxxxxxxxxxxxx Phone: +49 176 98819809 PGP-Key: https://danwin1210.de/pgp.txt
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
