search for: dstipmask

I'm trying to apply a nwfilter rule for two networks on the same guest interface, like so: ~ # virsh nwfilter-dumpxml 1081532-private-both <filter name='1081532-private-both' chain='root'> <uuid>16004b94-2b62-4568-9467-169908eb4040</uuid> <rule action='accept' direction='in' priority='500'> <ip

...</rule> <rule action='accept' direction='out' priority='500'> <all state='ESTABLISHED,RELATED'/> </rule> <rule action='accept' direction='in' priority='100'> <ip dstipaddr='192.168.8.0' dstipmask='24'/> </rule> <rule action='accept' direction='out' priority='100'> <ip srcipaddr='192.168.8.0' srcipmask='24'/> </rule> <rule action='drop' direction='inout' priority='500'> &l...

...; srcipaddr='$GATEWAY_IP' srcipmask='$GATEWAY_IP_MASK' /> </rule> <!-- allow traffic only to specified MAC address --> <rule action='drop' direction='out'> <ip match='yes' dstipaddr='$GATEWAY_IP' dstipmask='$GATEWAY_IP_MASK' /> </rule> <!-- preventing any other traffic than between specified MACs and ARP --> <filterref filter='no-other-l2-traffic'/> <!-- allow qemu to send a self-announce upon migration end --> <filterref filter='qemu-anno...

...test the following simple filter <filter name='nwfilter-test-fedora2' chain='root'> <uuid>ccbd255f-4be5-4f0f-8835-770ea40cb2c9</uuid> <rule action='accept' direction='out' priority='500'> <tcp dstipaddr='10.1.24.0' dstipmask='24' comment='test test test'/> </rule> </filter> but i get strange results (look at the attached output of iptables-save) for me it looks like the direction='out' filters are attached to every chain for this domain. additional there are wrong conntrack, s...

Hello, I would like to make filter that allows communication only between specified VMs. Those VMs should be specified by their MAC address. The filter should extend clean-traffic but I was not able to get it working with that reference. I have came up with modified clean-traffic which works fine [1]. Is there a way to achieve the same behavior with reference to clean-traffic? Thank you. Best