Hi Daniel,

I added the option <filterref filter='clean-traffic'/> and my VM stopped pinging the gateway and the other VMs on the same host.
I would like to prevent VMs in different subnets from pinging or spoofing other VMs. Each subnet is related to a customer and I would like to separate the traffic like a VLAN does.

Is this possible with some options in the XML?

Thank you very much.

Thiago

2017-06-07 5:25 GMT-03:00 Daniel P. Berrange <berrange@redhat.com>:
On Tue, Jun 06, 2017 at 11:37:27PM -0300, Thiago Oliveira wrote:
> Daniel,
>
> Are you talking about XML? If yes, could please show us an example?

<domain>
  ...
  <devices>
    ....
    <interface type='bridge'>
      <mac address='00:16:3e:5d:c7:9e'/>
      <filterref filter='clean-traffic'/>
    </interface>
    ....
  </devices>
  ...
</domain>

There is quite a lot more info here:

http://libvirt.org/formatnwfilter.html
http://libvirt.org/firewall.html


Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
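
Added example, not part of the original thread and not libvirt's own code: a Python check that reads a domain XML (as `virsh dumpxml` prints it) and reports which interfaces carry a <filterref> and with which parameters, so an interface left without clean-traffic is easy to spot. The sample XML, its VM name, MAC and IP addresses are constructed; `IP` is the filter variable described in the nwfilter documentation linked above.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the original thread): one interface
# with clean-traffic pinned to an IP, one interface with no filter at all.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>customer-a-vm1</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:01'/>
      <source bridge='br0'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='192.0.2.10'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:02'/>
      <source bridge='br0'/>
    </interface>
  </devices>
</domain>
"""

def audit_interfaces(domain_xml):
    """Return one dict per <interface>: MAC, filter name, filter parameters."""
    root = ET.fromstring(domain_xml)
    report = []
    for iface in root.findall("./devices/interface"):
        mac = iface.find("mac")
        ref = iface.find("filterref")
        params = {}
        if ref is not None:
            # One parameter name may appear several times (e.g. several IPs).
            for p in ref.findall("parameter"):
                params.setdefault(p.get("name"), []).append(p.get("value"))
        report.append({
            "mac": mac.get("address") if mac is not None else None,
            "filter": ref.get("filter") if ref is not None else None,
            "params": params,
        })
    return report

def unfiltered_macs(domain_xml):
    """MAC addresses of interfaces that have no <filterref> at all."""
    return [r["mac"] for r in audit_interfaces(domain_xml) if r["filter"] is None]

if __name__ == "__main__":
    for row in audit_interfaces(SAMPLE_DOMAIN_XML):
        print(row)
    print("unfiltered:", unfiltered_macs(SAMPLE_DOMAIN_XML))
```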