[libvirt-users] Isolate VMs' network
Thiago Oliveira
cpv.thiago at gmail.com
Wed Jun 7 18:32:55 UTC 2017
Hi Daniel,
I added the option <filterref filter='clean-traffic'/> and my VM stop to
ping the gateway and the others VM's in the same host.
I would like to prevent that VM's in differents subnets can ping or spoof
others VM's. Each subnet is related with a customer and I would like to
separete the traffic like VLAN does.
Is this possible with some options in xml ?
Thank you very much.
Thiago
2017-06-07 5:25 GMT-03:00 Daniel P. Berrange <berrange at redhat.com>:
> On Tue, Jun 06, 2017 at 11:37:27PM -0300, Thiago Oliveira wrote:
> > Daniel,
> >
> > Are you talking about XML? If yes, could please show us an example?
>
> <domain>
> ...
> <devices>
> ....
> <interface type='bridge'>
> <mac address='00:16:3e:5d:c7:9e'/>
> <filterref filter='clean-traffic'/>
> </interface>
> ....
> </devices>
> ...
> </domain>
>
> There is quite alot more info here:
>
> http://libvirt.org/formatnwfilter.html
> http://libvirt.org/firewall.html
>
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/
> dberrange :|
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20170607/077b9acf/attachment.htm>
More information about the libvirt-users
mailing list