mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-19 22:21:27 +00:00
8c309caff8
With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
11 lines
308 B
XML
11 lines
308 B
XML
<filter name='no-mac-spoofing' chain='mac' priority='-800'>
|
|
<!-- return packets with VM's MAC address as source address -->
|
|
<rule direction='out' action='return'>
|
|
<mac srcmacaddr='$MAC'/>
|
|
</rule>
|
|
<!-- drop everything else -->
|
|
<rule direction='out' action='drop'>
|
|
<mac/>
|
|
</rule>
|
|
</filter>
|