VM/Client isolation

[floh]

Hello!

I'm currently working on a way to prevent VMs to talk to each other within the same vmbr.
(like client isolation these days used in WIFI or port isolation used by many enterprise switches)

When activating port isolation at the physical switch I prevent all devices to talk to each other (which are directly connected to the switch).
But all VMs running on Proxmox will/are still routing (no surprise here).
Is there a smart way to activate client/port isolation on the hypervisor?
--> so creating a vmbr/subnet for each VM is not the smart way I assume

Kind regards,
Floh

 

[Richard]

Hello!

I'm currently working on a way to prevent VMs to talk to each other within the same vmbr.
(like client isolation these days used in WIFI or port isolation used by many enterprise switches)

When activating port isolation at the physical switch I prevent all devices to talk to each other (which are directly connected to the switch).
But all VMs running on Proxmox will/are still routing (no surprise here).
Is there a smart way to activate client/port isolation on the hypervisor?
--> so creating a vmbr/subnet for each VM is not the smart way I assume

Activate firewall (no special settings needed) for the NICs on these VMs.