
On 24.06.2014 at 11:52, Punit Dambiwal wrote:
> Hi Den,
> Thanks for the updates... but the user can still spoof another IP address by manually editing the ifcfg-eth0:0 file...
> For example, if I assign the IP address 10.0.0.5 to one VM through cloud-init... once the VM has booted up, the user can log in to the VM, create another virtual ethernet device and add another IP address, 10.0.0.6, to this VM...
> I want that, in any case, the user cannot spoof the IP address... they may be able to edit it, but the new IP address should not boot up (should not be active)...
> Thanks, Punit

IMHO you can't force the VM to not spin its inside network interface up with a certain IP.

What you _can_ (and should) prevent is to allow packets from this spoofed IP to access your network.

This is what the filter no-ip-spoofing does, see the docs here:
http://libvirt.org/formatnwfilter.html#nwfexamples

It prevents sending spoofed packages from inside the VM by not allowing them on the virtual integrated libvirt switch on your host (which runs the VM).

This might look a little different, depending on your network setup (bonding, bridges, VLANs).

HTH

--
Kind regards
Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing Director: Robert Meyer
Tax no.: 331/5721/1033, VAT ID no.: DE814773217, HRA 6640, AG Bad Oeynhausen
General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
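
Added example, not part of the original thread: a host-side check that reads a libvirt domain XML and reports, per interface, whether an anti-spoofing filter is attached and whether the guest's address is pinned through the filter's IP parameter. The sample XML is constructed (it reuses 10.0.0.5 from the question), and the name audit_interfaces is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the original thread). The first
# interface pins the address from the thread; the others show the two gaps.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>example-vm</name>
  <devices>
    <interface type='bridge'>
      <target dev='vnet0'/>
      <filterref filter='no-ip-spoofing'>
        <parameter name='IP' value='10.0.0.5'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <target dev='vnet1'/>
      <filterref filter='clean-traffic'/>
    </interface>
    <interface type='bridge'>
      <target dev='vnet2'/>
    </interface>
  </devices>
</domain>
"""

# Stock libvirt filters that enforce the source IP (clean-traffic includes
# no-ip-spoofing). Custom filters that reference them are not resolved here.
IP_FILTERS = {"no-ip-spoofing", "clean-traffic"}

def audit_interfaces(domain_xml):
    """Return {target dev: (status, pinned IPs)} for every <interface>."""
    result = {}
    for idx, iface in enumerate(ET.fromstring(domain_xml).iter("interface")):
        target = iface.find("target")
        dev = target.get("dev") if target is not None else f"iface{idx}"
        ref = iface.find("filterref")
        if ref is None or ref.get("filter") not in IP_FILTERS:
            result[dev] = ("unfiltered", [])
            continue
        ips = [p.get("value") for p in ref.findall("parameter")
               if p.get("name") == "IP"]
        # Without an IP parameter libvirt learns the address from guest traffic.
        result[dev] = ("pinned" if ips else "learned", ips)
    return result

if __name__ == "__main__":
    for dev, (status, ips) in audit_interfaces(SAMPLE_DOMAIN_XML).items():
        print(f"{dev}: {status} {', '.join(ips)}")
```

In the scenario from the question, an interface reported as "pinned" to 10.0.0.5 would have traffic sourced from 10.0.0.6 dropped on the host, even though the guest can still configure that address internally.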