Hi Daniel, I added the option <filterref filter='clean-traffic'/> and my VM stop to ping the gateway and the others VM's in the same host. I would like to prevent that VM's in differents subnets can ping or spoof others VM's. Each subnet is related with a customer and I would like to separete the traffic like VLAN does. Is this possible with some options in xml ? Thank you very much. Thiago 2017-06-07 5:25 GMT-03:00 Daniel P. Berrange <berrange@redhat.com>:
On Tue, Jun 06, 2017 at 11:37:27PM -0300, Thiago Oliveira wrote:
Daniel,
Are you talking about XML? If yes, could please show us an example?
<domain> ... <devices> .... <interface type='bridge'> <mac address='00:16:3e:5d:c7:9e'/> <filterref filter='clean-traffic'/> </interface> .... </devices> ... </domain>
There is quite alot more info here:
http://libvirt.org/formatnwfilter.html http://libvirt.org/firewall.html
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/ dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/ dberrange :|