[ovirt-users] IP Address Stealing

Subhendu Ghosh sghosh at redhat.com
Thu Aug 4 03:27:43 UTC 2016


Not built into oVirt AFAIK, but an ebtables rule can allow you to filter out mac+ip combinations.

Look at the anti-spoofing rules on ebtables.netfilter.org.

It doesn't prevent the user adding it in the VM, but the infrastructure blocks its usage.

________________________________
From: Bill Bill <jax2568 at outlook.com>
Sent: Aug 3, 2016 22:40
To: users at ovirt.org
Subject: [ovirt-users] IP Address Stealing

Hello,

Is it possible to prevent a VM from adding an IP? For example, if we provision a VM with one IP, if the user has root access they can simply add random IPs from within the same range as sub interfaces: eth0:0, eth0:1, eth0:2, so on and so forth.

Subnetting is not ideal in this situation because it’s a huge waste of IP space.
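
The MAC+IP filtering suggested in the reply, sketched as an added example (not part of either message and not oVirt code): a shell function that prints the ebtables commands binding one VM tap device to a single MAC and IPv4 address. The interface name `vnet0`, the MAC, the address and the `AS-` chain prefix are constructed sample values; it assumes Linux bridge networking, a statically addressed VM, and the `option ! value` negation style used on ebtables.netfilter.org.

```shell
#!/bin/sh
# Added example: generate ebtables anti-spoofing rules for one VM vNIC.
# Nothing is applied here; review the output, then pipe it to "sh" as
# root on the hypervisor. IPv6 and DHCP clients are not handled.

antispoof_rules() {
    iface=$1 mac=$2 ip=$3

    # Accept only a plain interface name, MAC and dotted-quad IPv4, so
    # the generated commands cannot carry shell metacharacters.
    printf '%s\n' "$iface" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$' || return 1
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$ip" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done

    chain="AS-$iface"   # hypothetical per-vNIC chain name
    cat <<EOF
ebtables -N $chain
ebtables -A $chain -s ! $mac -j DROP
ebtables -A $chain -p IPv4 --ip-src ! $ip -j DROP
ebtables -A $chain -p ARP --arp-mac-src ! $mac -j DROP
ebtables -A $chain -p ARP --arp-ip-src ! $ip -j DROP
ebtables -A $chain -j RETURN
ebtables -A FORWARD -i $iface -j $chain
ebtables -A INPUT -i $iface -j $chain
EOF
}

# Constructed sample values: tap device, assigned MAC, provisioned IP.
antispoof_rules vnet0 00:1a:4a:16:01:51 192.0.2.10
```

The chain is attached to both FORWARD and INPUT because frames from the VM to other hosts are bridged, while frames addressed to the hypervisor itself are delivered locally. An alias such as eth0:1 inside the guest still comes up, but its ARP replies and IPv4 packets are dropped at the tap device.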