...
<interface type='direct'>
<mac address='52:54:00:31:ae:1a'/>
<source dev='em1' mode='private'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.1.101.44'/>
</filterref>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
...
or like these:
...
<interface type='direct'>
<mac address='52:54:00:31:ae:1a'/>
<source dev='em1' mode='private'/>
<ip address='10.1.101.44'/>
<filterref filter='clean-traffic'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
...
With 'virsh create domain.xml', vm created, but dumpxml show that filterref is disappeared.
I have not found any success stories with filtering rules and 'direct' interface types. Is it supported with this type? Or may be other tricks to protect network from vm spoofing and direct type?
-
vlad f halilov