Re: [ovirt-users] vlan-tagging on non-tagged network
Hi, My two cents is that shouldn’t be doing mac spoofing protection as a default. There are several use cases where you may use virtual nics defined withing the guest and this feature is going to create problems to users that may not know that there’s a mac spoofing protection withing ovirt. Think of keeaplived vmac option, openvpn and any tap adapter you need to create. If you need to protect against spoofing attacks, you should use the hook or more powerful tools and in any case, you must be aware that you used this kind of protection. Regards,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19/08/15 12:55, Juan Pablo Lorier wrote:
Hi,
My two cents is that shouldn’t be doing mac spoofing protection as a default. There are several use cases where you may use virtual nics defined withing the guest and this feature is going to create problems to users that may not know that there’s a mac spoofing protection withing ovirt. Think of keeaplived vmac option, openvpn and any tap adapter you need to create. If you need to protect against spoofing attacks, you should use the hook or more powerful tools and in any case, you must be aware that you used this kind of protection. Regards,
I disagree: This violates the "secure by default" design pattern. The default should be secure, furthermore, it was so in every ovirt release before, so it would be a sudden change. if you need such advanced network setups in your guests you should be able to search the documentation. - -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +495772 293100 F: +495772 293333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhaus en Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJV1HUjAAoJEMby9TMDAbQR0yEP/0it0Mh2p3EeBUG32uprxGcb BC0D6QIGIBBLaZutrXSsOYLOlwK+QMTYDneo7S8wbHMLnTgig2fgByF8EJ0f2hg8 ELRsDhGKaKPyGPevJ3i1VUg1A43sBVSAedFAdcpTQjtZKImrOROgu2uquwkeBsju 9+Lwp5nRa64vxeZkyc93Bof3K1LP0L0FV9y3WwoGVd7UdZ2hw+k/4tyVeTRBWybS phiEPWY9zmfCGOsztfs2LfmVMXtHjgCKpqySlpKuMVFwN0w6jMXst7tK18OU+B1i 2hp0MY79jZQqTW/gc0RK7lQVZjZjphVeyQv9yKIfEA0y8DD2H7XgzfS860Htx+ng JTRt+iI4VYVaxUtRr3oxPBPoUVG4y4MmtQYUtnG8m5aY9pgrYjeCQIeoyZS5AWxA Y7gHJpdlBPFNxRdOYI1KNk2RvSxRuzZZ6AgP7gOJXHTylqo0DdIF5xI+vtGteyyX xaeikGSo0Dcq+FYgwA/qfDRCTXl0TWobvVYcJLch71jJtqZKbcw8TNCbZs8pLJvD bRM1hy2rLCXD51ieTo/r8uFhE6OuHjUTbRbrBqNlOVMRyCIZuYE0t0Ct5rGTH37t TVge3Je4o+xF40TdbTA6I29Erl50oZZW+qZg/E2S36bQL7qV55+qvfzTvU64wK9i pBqXJP7nAFV8vCCrxctX =qWrQ -----END PGP SIGNATURE-----
participants (2)
-
Juan Pablo Lorier -
Sven Kieske