[libvirt] nwfilter: limit VM traffic to specific MAC

Shahar Havivi shaharh at redhat.com
Mon Jun 20 11:39:35 UTC 2011


Hi,
I am trying to add a custom filter to block VM traffic to other VMs by limiting
the traffic only to the gateway's MAC address.
The filter XML:

<filter name='rhev' chain='root'>
    <uuid>cd4e5890-ccc9-1b0f-303f-e7fe7123646d</uuid>
    <filterref filter='allow-dhcp'/>
    <rule action='drop' direction='out' priority='500'>
        <mac match='no' dstmacaddr='$MAC'/>
    </rule>
</filter>

The MAC is not the interface MAC address; it's the gateway's MAC, which is passed as a
parameter (I have also used the gateway address hardcoded).

The VM is getting a DHCP IP but cannot get any traffic.
I notice that when I edit (comment and uncomment) the drop rule, the filter
works fine, i.e. no traffic other than to the gateway.

1. Am I doing something wrong?
2. What is the table name that libvirt uses for ebtables?

Shahar.
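For reference, this is how the $MAC variable referenced by the filter's drop rule is supplied from the domain definition (an added example, not part of the original post; the bridge name, the interface MAC and the gateway MAC are placeholders, not values from the list):

```xml
<!-- Domain <interface> fragment: attaches the 'rhev' filter and passes
     the $MAC variable that the filter's drop rule compares against.
     Placeholder values (assumed, not from the original post):
     bridge br0, guest MAC 52:54:00:aa:bb:cc, gateway MAC 00:11:22:33:44:55 -->
<interface type='bridge'>
  <source bridge='br0'/>
  <mac address='52:54:00:aa:bb:cc'/>
  <filterref filter='rhev'>
    <!-- $MAC inside the 'rhev' filter resolves to this value -->
    <parameter name='MAC' value='00:11:22:33:44:55'/>
  </filterref>
</interface>
```

After the filter is defined with `virsh nwfilter-define` and the guest is (re)started, the ebtables rules libvirt generated for the interface live in the nat table and can be listed with `ebtables -t nat -L`.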
