[virt-tools-list] Recommendation for improvement/feature request of virt-manager
Cole Robinson
crobinso at redhat.com
Fri Oct 5 16:52:55 UTC 2018
On 10/03/2018 07:03 PM, scrap at mailbox.org wrote:
> Hello together,
>
> in first - thanks to all of you for your great work!
>
> I have just a small feature request for virt-manager:
>
> Unfortunately it is not possible yet to block guests public internet
> access in the guest machine settings (= NIC settings).
>
> Some additional option inside guests NIC settings to avoid public
> internet access would be awesome. Right now, only network source
> (NAT/host devices) and desired device model (virtio etc.) can be
> configured in that menue.
>
> Would it be possible to add some checkmark to activate the option
> "Prohibit guests network access to public internet" while preserving
> guests network access to the host machine?
>
Do you have in mind a specific libvirt/qemu feature that you want
exposed, or are you asking for this kind of on/off switch to implemented
lower in the stack?
You can avoid public internet access by choosing an appropriate network
source: NAT guests are not accessible from the outside world. If you are
using a bridge or macvtap, then it's essentially like your VM is just a
host on the same network the physical machine is on, so you would use
whatever mechanism you would use to protect your physical host, like a
firewall on your home router.
What kind of network source are you using?
- Cole
More information about the virt-tools-list
mailing list