<div dir="ltr"><div>Probably an easier solution than implementing a vdsm hook in code, would be to use network filter parameters in the web-admin UI of the engine.<br><br>If the vNic profile of the network on the WAN interface (the one you would like to restrict IPs on) has a clean-traffic filter, then you can specify a different set of IPs for any interface using this network.<br></div><div>In the web-admin UI of the engine go to -<br>     Compute | Virtual machines | &lt;your vm&gt; | Network Interfaces | &lt;your interface&gt; <br>     and click  edit. <br><br>At the bottom of the edit form you can insert the ip pool for the interface by specifying several key-value pairs where the key is &#39;IP&#39; and the value is the ip address (e.g. 192.168.122.13).<br><br></div><div>HTH<br></div><div><br><img src="cid:ii_jgib768y0_163086e528307a6e" height="390" width="494"><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Apr 15, 2018 at 3:24 AM, Peter Hudec <span dir="ltr">&lt;<a href="mailto:phudec@cnc.sk" target="_blank">phudec@cnc.sk</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Thanks,<br>
<br>
this was the last part into my puzzle, HOST INTERFACE params.<br>
<br>
The example hook provided in<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/<wbr>show_bug.cgi?id=1366905#c8</a>,<br>
<a href="https://bugzilla.redhat.com/attachment.cgi?id=1232201" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/<wbr>attachment.cgi?id=1232201</a> looks good, but<br>
it seems to set the IP param on all interfaces too, regardless on<br>
which interface the NIC PARAM is set.<br>
<br>
The hooks should be called per vNIC, as reading the<br>
<a href="https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the" rel="noreferrer" target="_blank">https://www.ovirt.org/<wbr>documentation/admin-guide/<wbr>appe-VDSM_and_Hooks/#the</a><br>
- -vdsm-hook-domain-xml-object,<br>
the one/several of thees hooks should be used or maybe I&#39;m wrong ;(<br>
<br>
        Peter<br>
<span class=""><br>
On 14/04/2018 07:04, Eitan Raviv wrote:<br>
&gt; You might find the following useful:<br>
&gt; <br>
&gt; <a href="https://ovirt.org/develop/release-management/features/network/networkf
ilterparameters/" rel="noreferrer" target="_blank">https://ovirt.org/develop/<wbr>release-management/features/<wbr>network/networkf<br>
ilterparameters/</a><br>
&gt;<br>
&gt;  HTH<br>
&gt; <br>
&gt; On Thu, Apr 12, 2018, 14:52 Peter Hudec &lt;<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> <br>
</span><span class="">&gt; &lt;mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>&gt;&gt; wrote:<br>
&gt; <br>
&gt; Hi,<br>
&gt; <br>
&gt; I would like to restrict of usage IP address on VMs. Thos could be <br>
&gt; achied by usinf clear-filter instead of vdsm-no-mac-spoofing.<br>
&gt; <br>
&gt; I have found noipspoof vdsm hook, <br>
&gt; <a href="https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof" rel="noreferrer" target="_blank">https://github.com/oVirt/vdsm/<wbr>tree/master/vdsm_hooks/<wbr>noipspoof</a>.<br>
&gt; <br>
&gt; This hook but set the filtering on all interfaces, the setting is<br>
&gt; on VM level, not interface level. So if the there are more<br>
&gt; interfaces on all of them. I would like just restrict the WAN<br>
&gt; interface on multi homed VMs.<br>
&gt; <br>
&gt; Peter<br>
&gt; <br>
&gt; -- *Peter Hudec* Infraštruktúrny architekt <a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a><br>
</span>&gt; &lt;mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>&gt; &lt;mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> <br>
<span class="">&gt; &lt;mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>&gt;&gt;<br>
&gt; <br>
&gt; *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2  35 000<br>
&gt; 100<br>
&gt; <br>
</span>&gt; Mobil:+421 905 997 203 *<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a> &lt;<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">http://www.cnc.sk</a>&gt;*<br>
&gt; &lt;http:///<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a> &lt;<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">http://www.cnc.sk</a>&gt;&gt;<br>
&gt; <br>
&gt; ______________________________<wbr>_________________ Users mailing list <br>
&gt; <a href="mailto:Users@ovirt.org">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org">Users@ovirt.org</a>&gt; <br>
&gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
&gt; <br>
<br>
<br>
- -- <br>
<span class="">*Peter Hudec*<br>
Infraštruktúrny architekt<br>
<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a> &lt;mailto:<a href="mailto:phudec@cnc.sk">phudec@cnc.sk</a>&gt;<br>
<br>
*CNC, a.s.*<br>
Borská 6, 841 04 Bratislava<br>
Recepcia: +421 2  35 000 100<br>
<br>
Mobil:+421 905 997 203<br>
*<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a>* &lt;http:///<a href="http://www.cnc.sk" rel="noreferrer" target="_blank">www.cnc.sk</a>&gt;<br>
<br>
</span>-----BEGIN PGP SIGNATURE-----<br>
<br>
iQIzBAEBCgAdFiEEqSUbhuEwhryifN<wbr>eVQnvVWOJ35BAFAlrSm54ACgkQQnvV<wbr>WOJ3<br>
5BDz5A//<wbr>dqyf9wnvkRCjEmeUkMsN72qL7o+<wbr>utazM7L8S4sY4Pu6INsPhpy7QtwHw<br>
fyXbdrU9qy+5ts3g+<wbr>yoxpsdkTWUk47m/<wbr>6nQR3fiw0nXJu44/ABl+Hw4g0H3/<wbr>k86f<br>
7sYOYvZ8IfCpL9/2r1VRlP8j7e+<wbr>CdI8Ltcjppn7PtKhPT03f87p2PT1pJ<wbr>d95DYS+<br>
GbqZZ6yOAUlePP/808+<wbr>f7hYxKNz0ek1tf/<wbr>ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5<br>
/VNWVSqVXNZdzOZkupxas50f/<wbr>AH6g4DXniyChqvoTi+<wbr>D37Wpf5yTxXM5C+Qf36Ok<br>
2qZEovxuno51A5l9qIE0n2LQ3I6zJb<wbr>ybdth33sV1uxFK65CWxlfLgbPxb4+<wbr>9JONF<br>
2yozK/DtmGC7Hree2INBGOJA/<wbr>55fCrccxSMuLW8JbmZqx43uCrE/<wbr>FBWZhXE6Lx+f<br>
F5hR5e3kJEWjEtyPKpdtXedmOsb06x<wbr>vGq+WFOGl8VgaRmNgsuLN/<wbr>YYy13kRDY+0K<br>
j//<wbr>ZX7ZqBaP9TqaW9y1LljTPLGugqVX+<wbr>uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY<wbr>+C<br>
FolC1CLiWixAAhtSXfJihflFUJq+<wbr>pYkAXDYBNPj/<wbr>uyuIyeGXABw1UkJqgc0bVAal<br>
lSAMK2P09xwJ8Db5HpqxXpOHe/<wbr>s5XdYD8Mj0jebQ2308CPNxfQM=<br>
=AvLd<br>
-----END PGP SIGNATURE-----<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">Eitan Raviv<br>IRC: erav (#ovirt #vdsm #devel #rhev-dev)<br></div></div></div></div>
</div>