[ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Marcin Mirecki
mmirecki at redhat.com
Tue Sep 13 12:49:22 UTC 2016
Andre,
Please also try the clean-traffic filter.
This filter should prevent MAC, IP and ARP spoofing, all in one.
Thanks,
Marcin
----- Original Message -----
> From: "Marcin Mirecki" <mmirecki at redhat.com>
> To: "André Gustavo" <andre at andregustavo.org>
> Cc: Users at ovirt.org
> Sent: Tuesday, September 13, 2016 10:57:09 AM
> Subject: Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
>
> Hi André,
>
> The best separation would be providing a separate network for each customer.
> This way you could protect them from other malicious users on your internal
> networks.
> Please describe your env in some more detail.
>
> Thanks,
> Marcin
>
>
>
> ----- Original Message -----
> > From: "André Gustavo" <andre at andregustavo.org>
> > To: Users at ovirt.org
> > Sent: Monday, September 12, 2016 8:33:40 PM
> > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> > (anti-spoofing rules)
> >
> > Aloha,
> >
> > I'm using oVirt 4 in my hosting.
> >
> > However, easily a customer can change the IP to another client (IP
> > spoofing)
> >
> > In vNIC profiles, altered Network Filter
> > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> >
> > It worked partially, but if the client power off 'vm' and turn on the 'vm',
> > he can perform the change in IP
> >
> > I tried to use eptables, but also had problems
> > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> >
> >
> > What is the best option?
> >
> >
> > --
> > ---
> > André Gustavo Timermann
> > Curitiba/PR - Brasil
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list