search for: applying_network_filtering

Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>

Looking at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering#sect-Applying_network_filtering-Usage_of_variables_in_filters, it sounds like the preferred approach is to use something like: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500...

Hello All- I've looked in several places and haven't found an answer to this question: is it possible to have libvirt add custom rules to iptables for virtual network interfaces? I took a look at the "Firewall and Network Filtering in Libvirt" page and it seems overly complicated for what I want to do. Given an interface virbr2 and its network 192.168.4.0/24, libvirt installs

...yslog nor in /var/log/libvirt/qemu/<VM> My main references were: https://libvirt.org/firewall.html https://libvirt.org/formatnwfilter.html https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering https://www.berrange.com/posts/2011/10/03/guest-mac-spoofing-denial-of-service-and-preventing-it-with-libvirt-and-kvm/ Any help really would be much appreciated! Thanks a lot! Sam

...beginning: https://libvirt.org/formatnwfilter.html#nwfwrite some more info: https://www.redhat.com/archives/libvir-list/2010-June/msg00762.html https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering regards Am Donnerstag, den 30.05.2019, 21:44 -0400 schrieb Joshua Kramer: > Hello All- > > I've looked in several places and haven't found an answer to this > question: is it possible to have libvirt add custom rules to iptables > for virtual network interfaces? I to...

...u/<VM> > > My main references were: > > https://libvirt.org/firewall.html > https://libvirt.org/formatnwfilter.html > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering > > https://www.berrange.com/posts/2011/10/03/guest-mac-spoofing-denial-of-service-and-preventing-it-with-libvirt-and-kvm/ > > Any help really would be much appreciated! > > Thanks a lot! > > Sam > > _______________________________________________ > libvirt-users ma...