[ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Marcin Mirecki
mmirecki at redhat.com
Tue Sep 13 08:57:09 UTC 2016
Hi André,
The best separation would be providing a separate network for each customer.
This way you could protect them from other malicious users on your internal networks.
Please describe your env in some more detail.
Thanks,
Marcin
----- Original Message -----
> From: "André Gustavo" <andre at andregustavo.org>
> To: Users at ovirt.org
> Sent: Monday, September 12, 2016 8:33:40 PM
> Subject: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
>
> Aloha,
>
> I'm using oVirt 4 in my hosting.
>
> However, easily a customer can change the IP to another client (IP spoofing)
>
> In vNIC profiles, altered Network Filter
> from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
>
> It worked partially, but if the client power off 'vm' and turn on the 'vm',
> he can perform the change in IP
>
> I tried to use eptables, but also had problems
> http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
>
>
> What is the best option?
>
>
> --
> ---
> André Gustavo Timermann
> Curitiba/PR - Brasil
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list