Re: [libvirt-users] Isolate VMs' network
Hi Daniel,
I added the option <filterref filter='clean-traffic'/> and my VM stop to
ping the gateway and the others VM's in the same host.
I would like to prevent that VM's in differents subnets can ping or spoof
others VM's. Each subnet is related with a customer and I would like to
separete the traffic like VLAN does.
Is this possible with some options in xml ?
Thank you very much.
Thiago
2017-06-07 5:25 GMT-03:00 Daniel P. Berrange <berrange(a)redhat.com>:
On Tue, Jun 06, 2017 at 11:37:27PM -0300, Thiago Oliveira wrote:
> Daniel,
>
> Are you talking about XML? If yes, could please show us an example?
<domain>
...
<devices>
....
<interface type='bridge'>
<mac address='00:16:3e:5d:c7:9e'/>
<filterref filter='clean-traffic'/>
</interface>
....
</devices>
...
</domain>
There is quite alot more info here:
http://libvirt.org/formatnwfilter.html
http://libvirt.org/firewall.html
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/
dberrange :|
|: https://libvirt.org -o-
https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/
dberrange :|
Attachments:
- attachment.html (text/html — 3.1 KB)