On Fri, May 17, 2024 at 11:25 AM Michal Prívozník <mprivozn@redhat.com> wrote:
On 5/17/24 14:21, Anchal Nigam wrote:
I don't have a router that I can create custom rules to block things. I was hoping there would be a way to do this entirely on the host but it doesn't look like it is possible.
macvtap IS purely host thing. No need to set anything on the router. In fact, you'd need a special switch if you wanted two guests using macvtap on the same host to talk to each other (it's called hairpinning).
Michal
If it was my setup I would - Create an internal network for these test guests - Connect the network to the router using a vlan or a specific network/30 with a route definition on the vm server. Ideally you could then say in said router that any traffic coming from network/30 goes straight outside.