Hi Dan,

I try the following way :-

1. I placed your script in the following location :- /usr/libexec/vdsm/hooks/before_device_create/50_noipspoof & /usr/libexec/vdsm/hooks/before_nic_hotplug/50_noipspoof

2. Then run this command on the ovirt-engine server (engine-config -s "UserDefinedVMProperties=noipspoof=^[0-9.]*$")

3. After that stop the VM and set a custom property named "noipspoof" with ip 10.10.10.6.

4. Run the VM and login via ssh,configure another ethernet with eth0:0 with the ip address 10.10.10.9

5. From another VM with ip 10.10.10.5 i can able to ping 10.10.10.9....

One strange thing is in VM xml still the filter is "vdsm-no-mac-spoofing" instead of "noipspoof"

----------------

----------------

Please let me know if i am wrong here....

On Tue, Jun 24, 2014 at 8:06 PM, Dan Kenigsberg <danken@redhat.com> wrote:

On Tue, Jun 24, 2014 at 05:52:51PM +0800, Punit Dambiwal wrote:
> Hi Den,
>
> Thanks for the updates...but still the user can spoof the another ip
> address by manually edit the ifcfg-eth0:0 file....
>
> Like if i assign the 10.0.0.5 ip address to one VM through cloud-int...once
> the VM bootup user can login to VM and create another virtual ethernet
> device and add another ip address 10.0.0.6 to this VM....
>
> I want in anyhow the user can not spoof the ip address....either they can
> edit but the new ip address can not boot up(should not active)...
>
> Thanks,
> Punit

Have you placed my script properly? Could you share your domxml as
visible to libvirt?

virsh -r dumxml <name-of-your-vm>

And as alluded by Sven - could you try to use the spooded IP address?
Configuring is not blocked by the filter, only using it (try pinging
outside of the VM).

Regrads,
Dan.