<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin <span dir="ltr"><<a target="_blank" href="mailto:troels@arvin.dk">troels@arvin.dk</a>></span> wrote:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">I would like to minimize the risk of virtual servers harming each other.<br>
As part of this, I would like to prevent them from changing their IP<br>
address to something different from what they are expected to have. In<br>
other words, I would like to prevent IP address spoofing in the guests.<br>
And I want to be able to do this without having to assign a different VLAN<br>
to each guest.<br>
<br>
Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.<br>
<br>
Using virsh -r dumpxml <guest name> on a host, I can see that the guests<br>
have the "vdsm-no-mac-spoofing" network filter active for the virtual<br>
network interface.<br>
<br>
But what if I want the "clean-traffic" filter to be active for the<br>
guests, as well (or instead): Is there a way to accomplish that in the<br>
RHEV-M/oVirt management interface? If so: Where's the option(s) to be<br>
found in the management interface? Can it be done globally, i.e. as a<br>
default when guests are started?<br>
<span class="gmail-HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br></div><div>In 4.0 you can set this in the vnic profile (per network).<br></div><div><br>With 3.6, you will need to create a hook to do it.<br>See <a href="https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof">https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof</a> to get<br></div><div>an idea how you could do it.<br></div><div> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span class="gmail-HOEnZb"><font color="#888888">
--<br>
Regards,<br>
Troels Arvin<br>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a target="_blank" rel="noreferrer" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
</font></span></blockquote></div><br></div></div>