[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] Recommendation for improvement/feature request of virt-manager

On 10/03/2018 07:03 PM, scrap mailbox org wrote:
Hello together,

in first - thanks to all of you for your great work!

I have just a small feature request for virt-manager:

Unfortunately it is not possible yet to block guests public internet access in the guest machine settings (= NIC settings).

Some additional option inside guests NIC settings to avoid public internet access would be awesome. Right now, only network source (NAT/host devices) and desired device model (virtio etc.) can be configured in that menue.

Would it be possible to add some checkmark to activate the option "Prohibit guests network access to public internet" while preserving guests network access to the host machine?

Do you have in mind a specific libvirt/qemu feature that you want exposed, or are you asking for this kind of on/off switch to implemented lower in the stack?

You can avoid public internet access by choosing an appropriate network source: NAT guests are not accessible from the outside world. If you are using a bridge or macvtap, then it's essentially like your VM is just a host on the same network the physical machine is on, so you would use whatever mechanism you would use to protect your physical host, like a firewall on your home router.

What kind of network source are you using?

- Cole

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]