libvirt/examples/xml/nwfilter/no-ip-spoofing.xml

<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
  <!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->
  <rule action='return' direction='out' priority='100'>
    <ip srcipaddr='0.0.0.0' protocol='udp'/>
  </rule>

  <!-- allow all known IP addresses -->
  <rule direction='out' action='return' priority='500'>
    <ip srcipaddr='$IP'/>
  </rule>

  <!-- drop everything else -->
  <rule direction='out' action='drop' priority='1000'/>
</filter>
Update of filters to handle multiple IP addresses With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2011-12-02 01:34:36 +00:00			`<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>`
nwfilter: fix typing error in filter Fix a typing error in the no-ip-spoofing filter. Return DHCP request packets passing through this filter. Have the user use another filter to actually allow DHCP requests to be sent (action='accept'). 2012-01-17 17:47:41 +00:00			`<!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->`
			`<rule action='return' direction='out' priority='100'>`
			`<ip srcipaddr='0.0.0.0' protocol='udp'/>`
Update of filters to handle multiple IP addresses With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2011-12-02 01:34:36 +00:00			`</rule>`
Add some examples filters This patch adds some example filters to libvirt. They are automatically installed into the proper directory for libvirt to pick them up. 2010-03-25 17:46:13 +00:00
Update of filters to handle multiple IP addresses With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2011-12-02 01:34:36 +00:00			`<!-- allow all known IP addresses -->`
			`<rule direction='out' action='return' priority='500'>`
			`<ip srcipaddr='$IP'/>`
			`</rule>`

			`<!-- drop everything else -->`
			`<rule direction='out' action='drop' priority='1000'/>`
Add some examples filters This patch adds some example filters to libvirt. They are automatically installed into the proper directory for libvirt to pick them up. 2010-03-25 17:46:13 +00:00			`</filter>`