Re: [libvirt-users] Privacy Extension not working in VM
Hi Daniel,
thanks for your response.
You mention you used 'macvtap' but not which mode of macvtap
? None the
less if you're using it in bridge mode, or passthroug hmode, there should
be no filtering of guest traffic in general, since the guest traffic is
forwarding at the ethernet layer, not IP layer.
The exception would be if you hve the br-netfilter extension loaded which
causes guest traffic to be processed by the host firewall.
The macvtap-Device is started in bridge mode via a systemd-service-unit
before the VM is started, see below. The kernel module br-netfilter for
Packetfiltering is not loaded. But the PE-based IPv6 is still blocked
furthermore. The MAC-based IPv6 works fine.
BR, Tom
# cat /etc/systemd/system/kvm-network-lan.service
[Unit]
Description=kvm-local-network.service Setup a macvtap-Bridge for
Client-Integration in LAN
After=network.target
Wants=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStartPre=/usr/sbin/ip link add link enp2s0 macvtap0 address
d0:50:99:0a:0a:0a type macvtap mode bridge
ExecStartPre=/usr/sbin/ip link set macvtap0 up
ExecStart=/usr/sbin/ip link show macvtap0
ExecStop=/usr/sbin/ip link set macvtap0 down
ExecStopPost=/usr/sbin/ip link del macvtap0
[Install]
WantedBy=multi-user.target
# cat /etc/libvirt/qemu/vm1.xml | grep "<interface" -A 5
<interface type='direct'>
<mac address='d0:50:99:0b:0b:0b'/>
<source dev='macvtap0' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01'
slot='0x00'
function='0x0'/>
</interface>