On Wed, Feb 9, 2022 at 6:54 AM ravi k <kottapar@gmail.com> wrote:
> Good people of the community,
>
> Hi,
>
> Hope you are all doing well. We are exploring the network filters in oVirt to check if we can implement a zero-trust model at the network level. The intention is to have a filter which takes two parameters, IP and PORT. After that there will be a 'deny all' rule. We realized that none of the default network filters offer such a functionality and the only option is to write a custom filter.
> Why don't we have such a filter in libvirt and thereby in oVirt? Someone would've already thought about such a use case. So I was thinking maybe network filters aren't meant to be used for implementing such functionalities like zero-trust?

You can definitely implement this filter on your own and if you feel like it is a good solution send a patch to libvirt. oVirt really depends on what is configured in libvirt, so if you define your filter you can use it from the engine under some conditions.
1) You need to make sure that all hosts have this filter.
2) You need to define this filter in the engine DB, otherwise you would need some kind of hook to apply it.

> Also what are some practical use cases of the default filters that are provided? I was able to understand and use the clean-traffic and clean-traffic-gateway.

You can read what the predefined filters can offer in https://libvirt.org/formatnwfilter.html#nwfexamples

> Regards,
> ravi
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2PUNVD7N45X7YDE5UX2CXWGDEFDS46M/

Regards,
Ales

--

Ales Musil

Senior Software Engineer - RHV Network

Red Hat EMEA

amusil@redhat.com    IM: amusil
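The filter Ravi describes (two parameters, IP and PORT, followed by deny-all) can be written as a custom libvirt nwfilter. The following is an added example for illustration; it is not part of the thread and not a filter shipped by libvirt or oVirt. The filter name `allow-one-service`, the rule priorities, and the decision to let ARP through are assumptions; `$IP` and `$PORT` are nwfilter variables filled in per vNIC from the domain XML.

```xml
<!--
  Added example, not a libvirt- or oVirt-shipped filter.
  Admits a single TCP service identified by the variables IP and PORT
  (supplied per VM through <filterref>) and drops everything else.
  The name 'allow-one-service' and the priorities are assumptions.
-->
<filter name='allow-one-service' chain='root'>
  <!-- ARP must pass or the guest can never resolve its next hop. -->
  <rule action='accept' direction='inout' priority='100'>
    <arp/>
  </rule>

  <!-- Outbound: only new or established TCP connections to $IP:$PORT. -->
  <rule action='accept' direction='out' priority='200'>
    <tcp dstipaddr='$IP' dstportstart='$PORT' state='NEW,ESTABLISHED'/>
  </rule>

  <!-- Inbound: only the return half of those connections. -->
  <rule action='accept' direction='in' priority='200'>
    <tcp srcipaddr='$IP' srcportstart='$PORT' state='ESTABLISHED'/>
  </rule>

  <!-- Default deny for all remaining IPv4 and IPv6 traffic in both
       directions. DHCP, DNS and ICMP are deliberately not exempted;
       add explicit accept rules above this one if the guest needs them. -->
  <rule action='drop' direction='inout' priority='1000'>
    <all/>
  </rule>
  <rule action='drop' direction='inout' priority='1000'>
    <all-ipv6/>
  </rule>
</filter>
```

Load it on every host with `virsh nwfilter-define allow-one-service.xml` (Ales's point 1), then reference it from the VM's interface definition, for example `<filterref filter='allow-one-service'><parameter name='IP' value='198.51.100.10'/><parameter name='PORT' value='443'/></filterref>` (the address and port here are constructed sample values). Because the drop rules come last by priority, anything not matched by an earlier accept rule is discarded, which is the deny-all behaviour the original question asks for; the price is that the guest loses DHCP and DNS unless those are allowed explicitly, so it is worth testing the filter on a single VM before rolling it out through the engine.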