search for: dstipaddr

...? Thanks a lot. <filter name='filter-test'> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP1'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP2'/> </rule> <rule action='drop' direction='out' priority='500'> <all/> </rule> </...

...<udp srcipaddr='$MYIP'/> </rule> <rule action='accept' direction='out' priority='500'> <icmp srcipaddr='$MYIP'/> </rule> <rule action='accept' direction='in' priority='500'> <tcp dstipaddr='$MYIP'/> </rule> <rule action='accept' direction='in' priority='500'> <udp dstipaddr='$MYIP'/> </rule> <rule action='accept' direction='in' priority='500'> <icmp dstipaddr='$MYIP...

I'm trying to apply a nwfilter rule for two networks on the same guest interface, like so: ~ # virsh nwfilter-dumpxml 1081532-private-both <filter name='1081532-private-both' chain='root'> <uuid>16004b94-2b62-4568-9467-169908eb4040</uuid> <rule action='accept' direction='in' priority='500'> <ip

...ilter rule and attached it to the interface of a guest using nwfilter-define: <filter name='private_ip' chain='ipv4'>   <uuid>foobar</uuid>   <rule action='accept' direction='out' priority='100'>     <ip srcipaddr='$IP' dstipaddr='10.0.0.1'/>   </rule>   <rule action='accept' direction='in' priority='110'>     <ip srcipaddr='10.0.0.1' dstipaddr='$IP'/>   </rule>   <rule action='drop' direction='inout' priority='500'&gt...

...? Thanks a lot. <filter name='filter-test'> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP1'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP2'/> </rule> <rule action='drop' direction='out' priority='500'> <all/> </rule> </...

...state='ESTABLISHED'/> </rule> <rule action='accept' direction='out' priority='500'> <all state='ESTABLISHED,RELATED'/> </rule> <rule action='accept' direction='in' priority='100'> <ip dstipaddr='192.168.8.0' dstipmask='24'/> </rule> <rule action='accept' direction='out' priority='100'> <ip srcipaddr='192.168.8.0' srcipmask='24'/> </rule> <rule action='drop' direction='inout' p...

...<ip match='yes' srcipaddr='$GATEWAY_IP' srcipmask='$GATEWAY_IP_MASK' /> </rule> <!-- allow traffic only to specified MAC address --> <rule action='drop' direction='out'> <ip match='yes' dstipaddr='$GATEWAY_IP' dstipmask='$GATEWAY_IP_MASK' /> </rule> <!-- preventing any other traffic than between specified MACs and ARP --> <filterref filter='no-other-l2-traffic'/> <!-- allow qemu to send a self-announce upon migration end --> &lt...

i test the following simple filter <filter name='nwfilter-test-fedora2' chain='root'> <uuid>ccbd255f-4be5-4f0f-8835-770ea40cb2c9</uuid> <rule action='accept' direction='out' priority='500'> <tcp dstipaddr='10.1.24.0' dstipmask='24' comment='test test test'/> </rule> </filter> but i get strange results (look at the attached output of iptables-save) for me it looks like the direction='out' filters are attached to every chain for this domain. additiona...

...> <rule action='accept' direction='in'> <tcp dstportstart='22'/> </rule> <!-- accept the SSH to the other out --> <rule action='accept' direction='out'> <tcp dstipaddr='192.168.150.50' dstportstart='22' /> </rule> <!-- deny explicitly all other flows to go outside --> <rule action='drop' direction='inout'> <all/> </rule> </filter> then i defi...

Hello, I would like to make filter that allows communication only between specified VMs. Those VMs should be specified by their MAC address. The filter should extend clean-traffic but I was not able to get it working with that reference. I have came up with modified clean-traffic which works fine [1]. Is there a way to achieve the same behavior with reference to clean-traffic? Thank you. Best