mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-09 17:24:53 +00:00
8c309caff8
With fragments borrowed from David Steven's previous submission and some further modifications: A set of modifications to filters to handle multiple IP addresses (and MAC addresses) per interface. Also: - enable DHCP traffic from VM to any DHCP server - will require an update to a libvirt-tck data file Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
10 lines
353 B
XML
10 lines
353 B
XML
<filter name='no-arp-ip-spoofing' chain='arp-ip' priority='-510'>
|
|
<!-- no arp spoofing -->
|
|
<!-- drop if ipaddr does not belong to guest -->
|
|
<rule action='return' direction='out' priority='400' >
|
|
<arp match='yes' arpsrcipaddr='$IP' />
|
|
</rule>
|
|
<!-- drop everything else -->
|
|
<rule action='drop' direction='out' priority='1000' />
|
|
</filter>
|