Probably an easier solution than implementing a vdsm hook in code, would be to use network filter parameters in the web-admin UI of the engine.

If the vNic profile of the network on the WAN interface (the one you would like to restrict IPs on) has a clean-traffic filter, then you can specify a different set of IPs for any interface using this network.
In the web-admin UI of the engine go to -
     Compute | Virtual machines | <your vm> | Network Interfaces | <your interface>
     and click  edit.

At the bottom of the edit form you can insert the ip pool for the interface by specifying several key-value pairs where the key is 'IP' and the value is the ip address (e.g. 192.168.122.13).

HTH




On Sun, Apr 15, 2018 at 3:24 AM, Peter Hudec <phudec@cnc.sk> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thanks,

this was the last part into my puzzle, HOST INTERFACE params.

The example hook provided in
https://bugzilla.redhat.com/show_bug.cgi?id=1366905#c8,
https://bugzilla.redhat.com/attachment.cgi?id=1232201 looks good, but
it seems to set the IP param on all interfaces too, regardless on
which interface the NIC PARAM is set.

The hooks should be called per vNIC, as reading the
https://www.ovirt.org/documentation/admin-guide/appe-VDSM_and_Hooks/#the
- -vdsm-hook-domain-xml-object,
the one/several of thees hooks should be used or maybe I'm wrong ;(

        Peter

On 14/04/2018 07:04, Eitan Raviv wrote:
> You might find the following useful:
>
> https://ovirt.org/develop/release-management/features/network/networkf
ilterparameters/
>
>  HTH
>
> On Thu, Apr 12, 2018, 14:52 Peter Hudec <phudec@cnc.sk
> <mailto:phudec@cnc.sk>> wrote:
>
> Hi,
>
> I would like to restrict of usage IP address on VMs. Thos could be
> achied by usinf clear-filter instead of vdsm-no-mac-spoofing.
>
> I have found noipspoof vdsm hook,
> https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/noipspoof.
>
> This hook but set the filtering on all interfaces, the setting is
> on VM level, not interface level. So if the there are more
> interfaces on all of them. I would like just restrict the WAN
> interface on multi homed VMs.
>
> Peter
>
> -- *Peter Hudec* Infraštruktúrny architekt phudec@cnc.sk
> <mailto:phudec@cnc.sk> <mailto:phudec@cnc.sk
> <mailto:phudec@cnc.sk>>
>
> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2  35 000
> 100
>
> Mobil:+421 905 997 203 *www.cnc.sk <http://www.cnc.sk>*
> <http:///www.cnc.sk <http://www.cnc.sk>>
>
> _______________________________________________ Users mailing list
> Users@ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
>


- --
*Peter Hudec*
Infraštruktúrny architekt
phudec@cnc.sk <mailto:phudec@cnc.sk>

*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2  35 000 100

Mobil:+421 905 997 203
*www.cnc.sk* <http:///www.cnc.sk>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlrSm54ACgkQQnvVWOJ3
5BDz5A//dqyf9wnvkRCjEmeUkMsN72qL7o+utazM7L8S4sY4Pu6INsPhpy7QtwHw
fyXbdrU9qy+5ts3g+yoxpsdkTWUk47m/6nQR3fiw0nXJu44/ABl+Hw4g0H3/k86f
7sYOYvZ8IfCpL9/2r1VRlP8j7e+CdI8Ltcjppn7PtKhPT03f87p2PT1pJd95DYS+
GbqZZ6yOAUlePP/808+f7hYxKNz0ek1tf/ZxzLgSJsCl1PsIhKiCBiuze/5hdeL5
/VNWVSqVXNZdzOZkupxas50f/AH6g4DXniyChqvoTi+D37Wpf5yTxXM5C+Qf36Ok
2qZEovxuno51A5l9qIE0n2LQ3I6zJbybdth33sV1uxFK65CWxlfLgbPxb4+9JONF
2yozK/DtmGC7Hree2INBGOJA/55fCrccxSMuLW8JbmZqx43uCrE/FBWZhXE6Lx+f
F5hR5e3kJEWjEtyPKpdtXedmOsb06xvGq+WFOGl8VgaRmNgsuLN/YYy13kRDY+0K
j//ZX7ZqBaP9TqaW9y1LljTPLGugqVX+uzPdbUvW4vqahNU8mT5Kq1pBrrGPdY+C
FolC1CLiWixAAhtSXfJihflFUJq+pYkAXDYBNPj/uyuIyeGXABw1UkJqgc0bVAal
lSAMK2P09xwJ8Db5HpqxXpOHe/s5XdYD8Mj0jebQ2308CPNxfQM=
=AvLd
-----END PGP SIGNATURE-----



--
Eitan Raviv
IRC: erav (#ovirt #vdsm #devel #rhev-dev)