libvirt mac/ip filtering

Sad. I'm currently looking for a cloud platform to offer IaaS or virtual machines. I have a lot of experience with Proxmox as an enterprise-level virt. solution and like it a lot. But it seems it is hard to implement it for public cloud services? Or are there some ways to restrict a user to use only the IP that was given to him by the DHCP server? Currently spoofing is a very serious problem that has to be solved.
 
It looks like you can do most of this, if not everything, with iptables on the host. iptables really is your friend for anything and everything. It's like the emacs of networking.
 
Thanks!

Yes, looks like you can do it with iptables and ebtables. However the libvirt filter seems to be the most sophisticated approach.
 
1) Create a VLAN and bind this VLAN to a bridge
2) Connect a VM to this bridge
3) Distribute IPs through DHCP
4) iptables using -m mac --mac-source

Everything wrapped inside one or more scripts.
 
I also found -m physdev --physdev vethXXX.0 to be working nicely, so you don't even have to worry about the MACs.
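
The iptables/ebtables approach discussed in this thread, sketched as an added example that is not part of any post above: a generator that prints (but does not apply) per-guest rules pinning one guest interface to its assigned MAC and DHCP-issued IPv4 address. The interface name, MAC and IP are constructed sample values, and the function names are hypothetical; the iptables line uses the physdev match's `--physdev-in` option.

```shell
#!/bin/sh
# Added example: prints anti-spoofing rules for one guest, applies nothing.

valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_antispoof_rules() {
    ifname=$1; mac=$2; ip=$3
    # Reject anything that could break out of the generated command line.
    case $ifname in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
    esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 1; }
    for chain in INPUT FORWARD; do
        # Frames entering from the guest must carry its assigned source MAC.
        echo "ebtables -A $chain -i $ifname -s ! $mac -j DROP"
        # DHCP client traffic is sent from 0.0.0.0 before a lease exists,
        # so it has to be accepted ahead of the source-IP drop rule.
        echo "ebtables -A $chain -i $ifname -p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-dport 67 -j ACCEPT"
        # Every other IPv4 packet must use the leased address.
        echo "ebtables -A $chain -i $ifname -p IPv4 --ip-src ! $ip -j DROP"
        # ARP must not claim another IP or MAC (this also drops ARP probes
        # sent from 0.0.0.0).
        echo "ebtables -A $chain -i $ifname -p ARP --arp-ip-src ! $ip -j DROP"
        echo "ebtables -A $chain -i $ifname -p ARP --arp-mac-src ! $mac -j DROP"
    done
    # Layer-3 counterpart of step 4 in the list above, bound to the bridge port.
    echo "iptables -A FORWARD -m physdev --physdev-in $ifname -m mac ! --mac-source $mac -j DROP"
}

# Constructed sample values (documentation address range, made-up MAC).
gen_antispoof_rules tap100i0 52:54:00:12:34:56 192.0.2.10
```

The iptables rule only sees bridged frames when bridge netfilter is enabled on the host; the ebtables rules do not depend on that.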
 
