Network filters for KVM

[jmjosebest]

Hello,

in order to restrict the IP usage of a VM, we want to implement the libvirt network filters:
https://libvirt.org/formatnwfilter.html

For example, with this filters we're able to restrict a VM to only use that 3 IPs.
If the VM user try to configure other IP he will lost connectivity.

<devices>
  <interface type='bridge'>
   <mac address='00:16:3e:5d:c7:9e'/>
   <filterref filter='clean-traffic'>
     <parameter name='IP' value='10.0.0.1'/>
     <parameter name='IP' value='10.0.0.2'/>
     <parameter name='IP' value='10.0.0.3'/>
   </filterref>
  </interface>
</devices>

<filter name='clean-traffic'>
  <uuid>6ef53069-ba34-94a0-d33d-17751b9b8cb1</uuid>
  <filterref filter='no-mac-spoofing'/>
  <filterref filter='no-ip-spoofing'/>
  <filterref filter='allow-incoming-ipv4'/>
  <filterref filter='no-arp-spoofing'/>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>

nwfilter proxmox

There is any option to apply nwfilters this on Proxmox ?

 

[jmjosebest]

@dietmar @tom
@martin

up!
Thanks in advance!

 

[jmjosebest]

Why any admin reply?
There is this in the roadmap?
Or some alternative to restrict what IP can be configured inside a VM ?

 

[Alwin]

Have you already read the documentation?
https://pve.proxmox.com/pve-docs/pve-admin-guide.html
https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#pve_firewall_ip_sets

 

[jmjosebest]

Thanks @Alwin
IPfilter seems it's what I'm looking for, but after a hour playing with it, I'm not able to get a success.
I will open a new post related my issue.

Thanks.