Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

Tuesday, 13 September 2016

Hi André,

The best separation would be providing a separate network for each customer.
This way you could protect them from other malicious users on your internal networks.
Please describe your env in some more detail.

Thanks,
Marcin

----- Original Message -----
...
 From: "André Gustavo" <andre(a)andregustavo.org&gt;
 To: Users(a)ovirt.org
 Sent: Monday, September 12, 2016 8:33:40 PM
 Subject: [ovirt-users] Associate IP addresses to MAC addresses	(anti-spoofing rules)

 Aloha,

 I'm using oVirt 4 in my hosting.

 However, easily a customer can change the IP to another client (IP spoofing)

 In vNIC profiles, altered Network Filter
 from "VDSM-on-mac-spoofing" to "no-ip-spoofing"

 It worked partially, but if the client power off 'vm' and turn on the
'vm',
 he can perform the change in IP

 I tried to use eptables, but also had problems
 http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof

 What is the best option?

 --
 ---
 André Gustavo Timermann
 Curitiba/PR - Brasil

 _______________________________________________
 Users mailing list
 Users(a)ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)