Re: [libvirt-users] Isolate VMs' network
On Tue, Jun 06, 2017 at 08:50:45PM +0200, Chris wrote:
Chris wrote:
> I'm trying to setup a network with some virtual machines, that can connect
> to each other and to the internet, but neither to the host nor to other
> VMs.
Thank you for your replies. Unfortunately, I didn't mention, that I'd like
to be able to test malicious software, so my network filtering shouldn't
depend on the guests' IP addresses. I think I have to setup a new virtual
"virus" interface and configure iptables on the host for this interface.
Is this possible?
You can use the network filters to setup antispoofing protection for both
IP addresses and MAC addresses. In fact this is what the "clean-traffic"
example filter libvirt provides will do for you.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|