On 10/03/2018 07:03 PM, scrap@xxxxxxxxxxx wrote:
Hello together,
in first - thanks to all of you for your great work!
I have just a small feature request for virt-manager:
Unfortunately it is not possible yet to block guests public internet
access in the guest machine settings (= NIC settings).
Some additional option inside guests NIC settings to avoid public
internet access would be awesome. Right now, only network source
(NAT/host devices) and desired device model (virtio etc.) can be
configured in that menue.
Would it be possible to add some checkmark to activate the option
"Prohibit guests network access to public internet" while preserving
guests network access to the host machine?
Do you have in mind a specific libvirt/qemu feature that you want
exposed, or are you asking for this kind of on/off switch to implemented
lower in the stack?
You can avoid public internet access by choosing an appropriate network
source: NAT guests are not accessible from the outside world. If you are
using a bridge or macvtap, then it's essentially like your VM is just a
host on the same network the physical machine is on, so you would use
whatever mechanism you would use to protect your physical host, like a
firewall on your home router.
What kind of network source are you using?
- Cole
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
