[ovirt-users] How to add the clean-traffic network-filter to a guest
Troels Arvin
troels at arvin.dk
Sun Sep 25 08:17:48 UTC 2016
I would like to minimize the risk of virtual servers harming each other.
As part of this, I would like to prevent them from changing their IP
address to something different from what they are expected to have. In
other words, I would like to prevent IP address spoofing in the guests.
And I want to be able to do this without having to assign a different VLAN
to each guest.
Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.
Using virsh -r dumpxml <guest name> on a host, I can see that the guests
have the "vdsm-no-mac-spoofing" network filter active for the virtual
network interface.
But what if I want the "clean-traffic" filter to be active for the
guests, as well (or instead): Is there a way to accomplish that in the
RHEV-M/oVirt management interface? If so: Where's the option(s) to be
found in the management interface? Can it be done globally, i.e. as a
default when guests are started?
--
Regards,
Troels Arvin
More information about the Users
mailing list