[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qem

From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
Date: Thu, 5 Nov 2009 17:16:44 +0000
User-agent: Mutt/1.4.1i

On Thu, Nov 05, 2009 at 11:03:48AM -0600, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >Indeed the hotplug  scenario is a bit of a problem in this model,
> >since libvirt needs to be able to setup iptables & ebtables rules
> >between creating the device & giving it to the guest.
> >  
> But does libvirt every setup tap specific iptable or ebtable rules?

We have recently got a mode where we setup a rule against a specific TAP
device to filter non-assigned MAC, to prevent guests spoofing MAC addrs,
and will do similar for IP packets in the future.

|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

reply via email to

[Prev in Thread] Current Thread [Next in Thread]