similar to: East-west traffic network filter

Displaying 20 results from an estimated 300 matches similar to: "East-west traffic network filter"

2018 Jul 02
1
Re: East-west traffic network filter
On Fri, Jun 29, 2018 at 3:40 AM Thiago Oliveira <cpv.thiago@gmail.com> wrote: > Hi Ales, > > I would like to prevent the guests from different subnets start a > communication. In other words I have the subnet 192.168.1.0/24 and > 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with > guests on 192.168.2.0/24 at the same host. Is this possible using a
2018 Jun 29
0
Re: East-west traffic network filter
Hi Ales, I would like to prevent the guests from different subnets start a communication. In other words I have the subnet 192.168.1.0/24 and 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with guests on 192.168.2.0/24 at the same host. Is this possible using a filter like yours? Thank you. Thiago. Em qui, 28 de jun de 2018 às 09:37, Ales Musil <amusil@redhat.com>
2018 Jun 28
0
Re: East-west traffic network filter
On Thu, Jun 28, 2018 at 10:18:57AM +0200, Ales Musil wrote: > Hello, > > I would like to make filter that allows communication only between > specified VMs. Those VMs should be specified by their MAC address. The > filter should extend clean-traffic but I was not able to get it working > with that reference. I have came up with modified clean-traffic which works > fine [1].
2005 Dec 13
2
Restricting logins to certain clients
I run samba-3 as PDC for a small domain with 4 clients. User A should be allowed to login on all client machines, while logins for the privileged user B should be restricted to 2 machines for security reasons. Any ideas how to manage that? Suggestions for further reading would be highly appreciated? Hans Musil
2012 Nov 07
1
Problems when filtering on icmpv6
Hi, I am trying to prevent my qemu guest machines from sending IPv6 router advertisements over their network device. To that end, I have written this filter definition: <filter name='no-ipv6-router-advertisement' chain='root' priority='-690'> <rule action='drop' direction='out' priority='600'> <icmpv6 type='134'/>
2014 May 26
2
nwfilter usage
I'm trying to accomplish what I had hoped would be a fairly simple filtering of traffic to my VMs, but I'm hitting a snag. The VMs are allowing traffic when I wouldn't expect them to. Host and Guest are both running the same platform: Ubuntu 12.04.4 LTS 0.9.8-2ubuntu17.19 I have a basic bridge enabled on the host: brctl addbr brdg brctl addif brdg eth1 ip link set brdg up The host
2020 Jan 01
2
Passing multiple addresses with masks to nwfilter
Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>
2013 Jan 22
1
plot.mob() fails with cut() error "'breaks' are not unique"
DeaR all, I am using mob() for model based partitioning, with a dichotomous variable (participant's correct/incorrect response to a test item) regressed onto a continuous predictor related to a given property of the test item. Although this variable is continuous, the value of this variable for many items in this particular analysis is 0. The partitioning criterion is self-reported ability in
2013 Nov 19
2
macvtap direct and ip spoofing
Hi there. I have configured kvm domain (rhel6.4) with ethernet bridged over macvtap, and found no filtration applied except mac. 'virsh' just silently ignoring attributes 'filterref' and 'ip address' in different formats. No error on validate stage. Config examples: ... <interface type='direct'> <mac address='52:54:00:31:ae:1a'/>
2007 Oct 14
3
DO NOT REPLY [Bug 5020] New: hang using RSYNC_CONNECT_PROG
https://bugzilla.samba.org/show_bug.cgi?id=5020 Summary: hang using RSYNC_CONNECT_PROG Product: rsync Version: 3.0.0 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: Matt_Domsch@dell.com QAContact:
2014 Jan 15
2
How to update filterref of a vm on the fly?
Hello, I defined a vm with filterref like: <filterref filter='clean-traffic'> <parameter name='IP' value='192.168.1.161'/> </filterref> and now I need to add another IP parameter for this vm,is there any way to achieve this? thanks.
2015 May 01
1
libvirt nwfilter
To take advantage of the filters, is it as simple as adding these couple of lines in a guest's xml file like the example from https://libvirt.org/formatnwfilter.html#nwfconcepts ? <devices> <interface type='bridge'> <mac address='00:16:3e:5d:c7:9e'/> <filterref filter='clean-traffic'> <parameter name='IP'
2018 Dec 25
2
Network filters with clean-traffic not working on Debian Stretch
Hello, I'm recently stumbled over the libvirt network filter capabilities and got pretty excited. Unfortunately I'm not able to get the the "clean-traffic" filterset working. I'm using a freshly installed Debian Stretch with libvirt, qemu and KVM. My config snippet looks as follows: sudo virsh edit <VM> [...] <interface type='bridge'> <mac
2014 Apr 30
3
virsh update-device: need to clear network filters
Hi, Can anyone please help with the following: I have a running instance with interface <interface type='bridge'> <mac address='fa:16:3e:ba:a4:67'/> <source bridge='br100/> <target dev='vnet0'/> <model type='virtio'/> <filterref filter='nova-instance-instance-00000001-fa163ebaa467'/>
2014 May 28
3
Re: nwfilter usage
On 05/27/2014 02:46 AM, Brian Rak wrote: > Make sure you have: > > /proc/sys/net/bridge/bridge-nf-call-iptables = 1 That doesn't make sense. bridge-nf-call-iptables controls whether or not traffic going across a Linux host bridge device will be sent through iptables, but the rules created by nwfilter are applied to the "vnetX" tap devices that connect the guest to the
2017 Jun 07
2
Re: Isolate VMs' network
On Tue, Jun 06, 2017 at 11:37:27PM -0300, Thiago Oliveira wrote: > Daniel, > > Are you talking about XML? If yes, could please show us an example? <domain> ... <devices> .... <interface type='bridge'> <mac address='00:16:3e:5d:c7:9e'/> <filterref filter='clean-traffic'/> </interface> ....
2015 Mar 10
1
Issues with XML validation after upgrade to 1.2.12
After we upgraded to 1.2.12, we've been having issues with libvirt... it complains that our formerly valid guest definitions are now invalid: error: Failed to start domain XXXX error: internal error: Cannot instantiate filter due to unresolvable variables or unavailable list elements: DHCPSERVER We looked into this, and found that it's the XML validation that's failing: # xmllint
2014 Jan 15
2
Re: How to update filterref of a vm on the fly?
> > No, I don't believe we have a way to update the parameters. > > Hi, Daniel :-), it would be very nice if there is a way to update filterref , :-) thanks.
2010 Nov 13
1
network filtering
I try to add some rules to filtering network, example <filterref filter='clean-traffic'/> or <filterref filter='no-ip-spoofing'/> and vm not starting with message virsh start freebsd8.2 error: Failed to start domain freebsd8.2 error: internal error IP parameter must be given since libvirt was not compiled with IP address learning support what do I do wrong?
2014 Apr 02
1
ebtables rules are not applied when using libvirt nwfilter
Dear all, I configure my kvm vm like this: <interface type='bridge'> <mac address='52:54:00:dd:b2:c5'/> <source bridge='nw-vpc-1017'/> <target dev='if-57'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP'