[libvirt-users] Isolate VMs' network
Daniel P. Berrange
berrange at redhat.com
Tue Jun 6 21:03:09 UTC 2017
On Tue, Jun 06, 2017 at 08:50:45PM +0200, Chris wrote:
> Chris wrote:
> > I'm trying to setup a network with some virtual machines, that can connect
> > to each other and to the internet, but neither to the host nor to other
> > VMs.
>
> Thank you for your replies. Unfortunately, I didn't mention, that I'd like
> to be able to test malicious software, so my network filtering shouldn't
> depend on the guests' IP addresses. I think I have to setup a new virtual
> "virus" interface and configure iptables on the host for this interface.
> Is this possible?
You can use the network filters to setup antispoofing protection for both
IP addresses and MAC addresses. In fact this is what the "clean-traffic"
example filter libvirt provides will do for you.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvirt-users
mailing list