NuxRo commented on PR #8951: URL: https://github.com/apache/cloudstack/pull/8951#issuecomment-2088282206
@weizhouapache Good effort. Like @wido says, the problems this would solve are not an issue in SG zones usually, so indeed we should not apply any of this there. Otherwise it'd be a nice "win" for operators of regular Advanced Zones to apply anti-spoofing measures. We already have something somewhat similar for VMWare. I'd be happy to use all reasonable libvirt nwfilter features, make them options in Network Offering: - IP anti-spoofing (with or without auto-detect) - ARP anti-spoofing - MAC anti-spoofing Would it even be reasonable to allow the operator to specify more nwfilter? Ie load whatever xml file from /usr/share/libvirt/nwfilter/ that they want? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
