On Wed, 2009-11-18 at 17:10 +0100, Gerhard Stenzel wrote:
On Wed, 2009-11-04 at 12:55 +0000, Daniel P. Berrange wrote: ...
Mark pointed out to me offlist, that this filtering is a little too restrictive because it also blocks multicast + broadcast packets. We can fix that easily enough with an extra patch though, and a single catch-all rule for multi/broad-cast packets.
Daniel
Hi, I have revisited this subject and was trying to find a scenario, where multi/broad-cast packets would be affected by this patch and failed so far. Since only the source mac address of a guest is filtered, I don't see how a multicast or broadcast destination mac address could be a problem.
What am I missing?
Ah, that makes sense, thanks. I hadn't looked closely enough to notice that you're only doing source mac address filtering. Cheers, Mark.