I haven't don e it based on IP but I think you could set separate chains per MAC or 802.1Q VLAN ID.. ebtables -A FORWARD -p IPv4 --ip-dst 172.16.1.4 -s -j DROP or ebtables -A FORWARD -d 00:11:22:33:44:55 -j DROP DROP actually drops to IPTABLES. So, then you just setup iptables normally. This assumes you're running a bridge and watch out for --physdev-in -Chris On 6/5/2014 8:55 AM, Ovirt User wrote:
hi chris,
at node level ?
Il giorno 03/giu/2014, alle ore 17:29, Ovirt User <ldrt8789@gmail.com> ha scritto:
Hello Guys,
i'm searching for a simple firewall solution ( deny some ports etc ).
It is possibile configure a firewall in the node ? to protect the vm's ?
Thanks Lukas
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users