Displaying 6 results from an estimated 6 matches for "srcipmask".
2018 Mar 29
1
nwfilter multiple IPs
...ter-dumpxml 1081532-private-both
<filter name='1081532-private-both' chain='root'>
<uuid>16004b94-2b62-4568-9467-169908eb4040</uuid>
<rule action='accept' direction='in' priority='500'>
<ip srcipaddr='10.25.104.0' srcipmask='24'/>
</rule>
<rule action='accept' direction='in' priority='600'>
<ip srcipaddr='10.117.50.0' srcipmask='24'/>
</rule>
<rule action='drop' direction='in' priority='1000'/>
<...
2020 Jan 01
2
Passing multiple addresses with masks to nwfilter
...ensure that libvirt domains can't spoof
IPv6 traffic. It looks like this:
<filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'>
<rule action='return' direction='out' priority='500'>
<ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/>
</rule>
<rule action='drop' direction='out' priority='1000'/>
</filter>
The goal is to allow any traffic coming from the entire prefix (e.g.
2001:db8::/32). This theoretically would work fine when passing in the
variables from...
2020 Jan 01
0
Re: Passing multiple addresses with masks to nwfilter
...n_filters,
it sounds like the preferred approach is to use something like:
<filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'>
<rule action='return' direction='out' priority='500'>
<ipv6 srcipaddr='$IPV6[@1]' srcipmask='$IPV6_MASK[@1]'/>
</rule>
<rule action='drop' direction='out' priority='1000'/>
</filter>
The documentation reads:
Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown:
SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
DSTPORTS = [ 80, 80...
2019 Jun 03
1
Easy solution for custom firewall rules-
...<rule action='accept' direction='in' priority='100'>
<ip dstipaddr='192.168.8.0' dstipmask='24'/>
</rule>
<rule action='accept' direction='out' priority='100'>
<ip srcipaddr='192.168.8.0' srcipmask='24'/>
</rule>
<rule action='drop' direction='inout' priority='500'>
<all/>
</rule>
</filter>
I then associated that filter with the Interface device on the VM
server within KVM... and shutdown/restart that VM.
<interfa...
2018 Jul 02
1
Re: East-west traffic network filter
...='inout' priority='-500'>
<mac protocolid='arp'/>
</rule>
<!-- accept traffic only from specified MAC address -->
<rule action='drop' direction='in'>
<ip match='yes' srcipaddr='$GATEWAY_IP'
srcipmask='$GATEWAY_IP_MASK' />
</rule>
<!-- allow traffic only to specified MAC address -->
<rule action='drop' direction='out'>
<ip match='yes' dstipaddr='$GATEWAY_IP'
dstipmask='$GATEWAY_IP_MASK' />...
2018 Jun 28
4
East-west traffic network filter
Hello,
I would like to make filter that allows communication only between
specified VMs. Those VMs should be specified by their MAC address. The
filter should extend clean-traffic but I was not able to get it working
with that reference. I have came up with modified clean-traffic which works
fine [1]. Is there a way to achieve the same behavior with reference to
clean-traffic?
Thank you.
Best