I forgot to comment It is a public network (Public IP) I have 2 servers and 1 router I hired a "IP block" that can be accessed through the router For example: Network: 165.112.12.112/28 IPs: 165.112.12.113 - 167.114.12.125 Gateway: 165.112.12.126 (router) I provide to my client a public IP directly in VM I want to prevent a customer responds by another customer or take another ip available for himself ---- Since that my client has access to the "User Portal" The "clean-traffic" filter will prevent it change the ip when it shut down and restart the VM? Thanks, André 2016-09-13 5:57 GMT-03:00 Marcin Mirecki <mmirecki@redhat.com>:
Hi André,
The best separation would be providing a separate network for each customer. This way you could protect them from other malicious users on your internal networks. Please describe your env in some more detail.
Thanks, Marcin
----- Original Message -----
From: "André Gustavo" <andre@andregustavo.org> To: Users@ovirt.org Sent: Monday, September 12, 2016 8:33:40 PM Subject: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Aloha,
I'm using oVirt 4 in my hosting.
However, easily a customer can change the IP to another client (IP spoofing)
In vNIC profiles, altered Network Filter from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
It worked partially, but if the client power off 'vm' and turn on the 'vm', he can perform the change in IP
I tried to use eptables, but also had problems http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
What is the best option?
-- --- André Gustavo Timermann Curitiba/PR - Brasil
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- --- André Gustavo Timermann