similar to: nwfilter multiple IPs

Nakta wrote: > libvirts nwfilter module can achieve that. I read over those resources and I did what I thought would be correct, but it's not having any effect. I created a new nwfilter like this: <filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'> <rule action='accept' direction='in' priority='500'> <all

On Fri, Jun 29, 2018 at 3:40 AM Thiago Oliveira <cpv.thiago@gmail.com> wrote: > Hi Ales, > > I would like to prevent the guests from different subnets start a > communication. In other words I have the subnet 192.168.1.0/24 and > 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with > guests on 192.168.2.0/24 at the same host. Is this possible using a

Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>

Hello, I would like to make filter that allows communication only between specified VMs. Those VMs should be specified by their MAC address. The filter should extend clean-traffic but I was not able to get it working with that reference. I have came up with modified clean-traffic which works fine [1]. Is there a way to achieve the same behavior with reference to clean-traffic? Thank you. Best

Hi, Libvirt's nwfilter ships a number of useful filter scripts by default, but none to handle IPv6 traffic. Is there a particular reason for that, or is that just because nobody has got around to that yet? One interesting thing about dealing with IPv6 traffic is that hosts often have several auto-configured addresses, usually at least one auto-configured link- local address under

Hi All, I am new to libvirt and encounter a strange problem to set up network filter in a NAT network. I launched VMs in a single host using NAT, i.e. interface type='network'. Now I want to control the outbound traffic from VM instance - only allow the VM to asses a set of ip addresses. My network filter xml is as follows. The problem is once I change the VM xml, shutdown and start VM,

I have the need to modify the behavior of the virtual network driver's behavior and how it deals with routed networks. I'm running libvirt-0.8.3-2.fc14. According to http://libvirt.org/firewall.html, the following is automatically added to the FORWARD chain of iptables when a network type of "routed" is started up: "Allow inbound, but only to our expected subnet.

Looking at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering#sect-Applying_network_filtering-Usage_of_variables_in_filters, it sounds like the preferred approach is to use something like: <filter name='no-ipv6-spoofing' chain='ipv6-ip'

Hi folks, I'm using libvirt 3.9.0 running under CentOS 7.5. I want the guests, which are all within the same subnet (e.g. 10.0.0.x.), only talk to their default gateway (e.g. 10.0.0.1) but to each other. This is caused by a design issue of our network platform. I set up a filter rule and attached it to the interface of a guest using nwfilter-define: <filter name='private_ip'

i test the following simple filter <filter name='nwfilter-test-fedora2' chain='root'> <uuid>ccbd255f-4be5-4f0f-8835-770ea40cb2c9</uuid> <rule action='accept' direction='out' priority='500'> <tcp dstipaddr='10.1.24.0' dstipmask='24' comment='test test test'/> </rule> </filter> but i

I'm looking for a way to online resize a Windows disk -- i.e., be able to resize the disk without shutting down, rebooting, or detaching the disk. Is this at all possible? Or am I just barking up the wrong tree? I'm not finding a way to do this and even Amazon has a weird workaround, in which the user must write data to the newly resized-drive in order to recognize the new size

I'm trying to determine if it's possible to edit/attach/apply nwfilter rules at runtime? I.e., after a VM is already running, can I apply a nwfilter to the VM and have it work without rebooting the machine? Thus far, I've not come across a way to do so, but I thought I'd ask here before I chase my tail around Google. Thanks! -- Andre Goree -=-=-=-=-=- Email - andre at

Hello all. I was hoping someone out there might have some advice or suggestions regarding an upgrade from an archaic Asterisk version. I've been given the daunting task of upgrading a very old Asterisk-1.0.x install to a recent LTS version. I'll also need the install to have high-availability and failover support. From my research, it would appear that AsteriskNOW-3.0 might be my

, as it seems to be running Asterisk-11. =A0I&#39;ve previously installed A= sterisk-11+FreePBX in a VM, and this appears to be very similar. =A0Is ther= e any upside to using AsteriskNOW vs. Asterisk+FreePBX? Other than the obvi= ous fact that everything is nicely placed on an iso for ease of installatio= n?<br> <br> As for the actual upgrade, is it possible to step through each

I've been trying to follow the information found here [1] in order to provide an alias for RBD disks I'm defining, however it does not appear to be working and I wanted to see if I was doing something wrong. I define the alias like so (using 'virsh edit'): <disk type='file' device='disk'> <driver name='qemu' type='qcow2'

I have some questions regarding the way that networking is handled via qemu/kvm+libvirt -- my apologies in advance if this is not the proper mailing list for such a question. I am trying to determine how exactly I can manipulate traffic from a _guest's_ NIC using iptables on the _host_. On the host, there is a bridged virtual NIC that corresponds to the guest's NIC. That interface

I'm wondering whether or not anyone has tried to use guestmount on an image with a ZFS partition (MBR partition table). I can't seem to find much on the internet regarding it, but I do see hints that may lead me to a solution. I'm under the impression that libguestfs can use what ever is available to the kernel on the host -- in my case I have zfs-use installed and running. I

Is r/w to a UFS partition using 'guestmount' still an impossibility? From everything I've found, it seems to be something that is not possible at the moment. I was just wondering if that has changed or if there are plans to change that? Here is the issue I'm experiencing: ~# guestmount --rw -a ${disk_path}/${disk_name} -m /dev/sda4 /tmp/freebsd-master libguestfs: error:

On 2018/02/16 12:12 pm, Daniel P. Berrangé wrote: > On Fri, Feb 16, 2018 at 11:59:42AM -0500, Andre Goree wrote: >> I'm trying to determine if it's possible to edit/attach/apply nwfilter >> rules >> at runtime? I.e., after a VM is already running, can I apply a >> nwfilter to >> the VM and have it work without rebooting the machine? Thus far, I've