Andre, Please also try the clean-traffic filter. This filter should prevent MAC, IP and ARP spoofing, all in one. Thanks, Marcin ----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "André Gustavo" <andre@andregustavo.org> Cc: Users@ovirt.org Sent: Tuesday, September 13, 2016 10:57:09 AM Subject: Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Hi André,
The best separation would be providing a separate network for each customer. This way you could protect them from other malicious users on your internal networks. Please describe your env in some more detail.
Thanks, Marcin
----- Original Message -----
From: "André Gustavo" <andre@andregustavo.org> To: Users@ovirt.org Sent: Monday, September 12, 2016 8:33:40 PM Subject: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Aloha,
I'm using oVirt 4 in my hosting.
However, easily a customer can change the IP to another client (IP spoofing)
In vNIC profiles, altered Network Filter from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
It worked partially, but if the client power off 'vm' and turn on the 'vm', he can perform the change in IP
I tried to use eptables, but also had problems http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
What is the best option?
-- --- André Gustavo Timermann Curitiba/PR - Brasil
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users