mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-08-28 03:21:19 +00:00
b81e44d6ac
The nwfilter XML configs are not merely examples, they are data that is actively shipped and used in production by users. Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
10 lines
353 B
XML
10 lines
353 B
XML
<filter name='no-arp-ip-spoofing' chain='arp-ip' priority='-510'>
|
|
<!-- no arp spoofing -->
|
|
<!-- drop if ipaddr does not belong to guest -->
|
|
<rule action='return' direction='out' priority='400' >
|
|
<arp match='yes' arpsrcipaddr='$IP' />
|
|
</rule>
|
|
<!-- drop everything else -->
|
|
<rule action='drop' direction='out' priority='1000' />
|
|
</filter>
|