On Wed, Feb 9, 2022 at 6:54 AM ravi k <kottapar(a)gmail.com> wrote:
Good people of the community,
Hi,
Hope you are all doing well. We are exploring the network filters in oVirt
to check if we can implement a zero-trust model at the network level. The
intention is to have a filter which takes two parameters, IP and PORT.
After that there will be a 'deny all' rule. We realized that none of the
default network filters offer such a functionality and the only option is
to write a custom filter.
Why don't we have such a filter in libvirt and thereby in oVirt? Someone
would've already thought about such a use case. So I was thinking maybe
network filters aren't meant to be used for implementing such
functionalities like zero-trust?
You can definitely implement this filter on your own and, if you feel like
it is a good solution, send a patch to libvirt. oVirt really depends on what
is configured in libvirt, so if you define your filter
you can use it from the engine under some conditions.
1) You need to make sure that all hosts have this filter.
2) You need to define this filter in the engine DB; otherwise you would need
some kind of hook to apply it.
Also what are some practical use cases of the default filters that are
provided? I was able to understand and use the clean-traffic and
clean-traffic-gateway.
You can read what the predefined filters can offer in
https://libvirt.org/formatnwfilter.html#nwfexamples
Regards,
ravi
Regards,
Ales
--
Ales Musil
Senior Software Engineer - RHV Network
Red Hat EMEA <https://www.redhat.com>
amusil(a)redhat.com IM: amusil
<https://red.ht/sig>
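
Added example, not part of the original thread and not one of libvirt's shipped filters: a sketch of the custom filter discussed above, following the pattern of the sample custom filter in the libvirt nwfilter documentation. The filter name `allow-ip-port`, the parameter names `ALLOWED_IP` and `ALLOWED_PORT`, the choice of inbound TCP, the bridge name and the sample values are all assumptions.

```xml
<!-- 1. Filter definition. It must exist on every host that can run the VM,
        for example loaded with: virsh nwfilter-define allow-ip-port.xml
        (name and parameter names are hypothetical). -->
<filter name='allow-ip-port' chain='root'>
  <!-- Reuse the stock filter for MAC, IP and ARP anti-spoofing. -->
  <filterref filter='clean-traffic'/>

  <!-- Accept inbound TCP from one peer address to one guest port.
       Both values are supplied per vNIC through filter parameters. -->
  <rule action='accept' direction='in' priority='500'>
    <tcp srcipaddr='$ALLOWED_IP' dstportstart='$ALLOWED_PORT'/>
  </rule>

  <!-- The 'deny all' rule: drop any traffic not accepted above.
       A guest that relies on DHCP or DNS needs its own accept rules
       placed before this one, or it will lose addressing and lookups. -->
  <rule action='drop' direction='inout' priority='1000'>
    <all/>
  </rule>
</filter>

<!-- 2. Reference from a guest interface in the domain XML.
        Sample values are constructed (192.0.2.0/24 is a documentation range). -->
<interface type='bridge'>
  <source bridge='br0'/>
  <filterref filter='allow-ip-port'>
    <parameter name='ALLOWED_IP' value='192.0.2.10'/>
    <parameter name='ALLOWED_PORT' value='443'/>
  </filterref>
</interface>
```

After defining the filter, `virsh nwfilter-list` on each host shows whether it is present, which is the first condition named in the reply.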