[ovirt-users] How to add the clean-traffic network-filter to a guest

Troels Arvin troels at arvin.dk
Sun Sep 25 08:17:48 UTC 2016

I would like to minimize the risk of virtual servers harming each other. 
As part of this, I would like to prevent them from changing their IP 
address to something different from what they are expected to have. In 
other words, I would like to prevent IP address spoofing in the guests. 
And I want to be able to do this without having to assign a different VLAN 
to each guest.

Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.

Using virsh -r dumpxml  <guest name> on a host, I can see that the guests 
have the "vdsm-no-mac-spoofing" network filter active for the virtual 
network interface.

But what if I want the "clean-traffic" filter to be active for the 
guests, as well (or instead): Is there a way to accomplish that in the 
RHEV-M/oVirt management interface? If so: Where's the option(s) to be 
found in the management interface? Can it be done globally, i.e. as a 
default when guests are started?

Troels Arvin

More information about the Users mailing list