I've created the filter below. The intention is that it will allow incoming traffic only from the SRCIP parameter and within the port range. However, I'm still able to access the VM from other IPs as well. We are running oVirt 4.3 and the networks are VLAN tagged.

virsh -r nwfilter-dumpxml clean-ip-port-filter

    <filter name='clean-ip-port-filter' chain='root'>
      <uuid>f9d2ff6b-db31-41a0-8f1b-97dc0166c10a</uuid>
      <rule action='accept' direction='in' priority='500'>
        <tcp srcipaddr='$SRCIP' dstportstart='$PORTSTART' dstportend='$PORTEND'/>
      </rule>
    </filter>

Could it be because of the statement "VLAN (802.1Q) packets, if sent by a virtual machine, cannot be filtered with rules for protocol IDs arp, rarp, ipv4 and ipv6 but only with protocol IDs mac and vlan." in https://libvirt.org/formatnwfilter.html? If netfilters do not work with VLAN packets, is there any other way I can implement such filtering?

Regards,
Ravi
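
The following is an added example, not part of the original post and not libvirt code: a simplified first-match model of the posted filter, showing why an accept-only rule set does not restrict other sources. It assumes libvirt accepts packets that no rule matches, ignores connection tracking and filterref, and uses constructed parameter values and a constructed variant with a final drop rule.

```python
import xml.etree.ElementTree as ET

# The filter from the post, plus a constructed variant that adds a final drop rule.
POSTED = """<filter name='clean-ip-port-filter' chain='root'>
  <rule action='accept' direction='in' priority='500'>
    <tcp srcipaddr='$SRCIP' dstportstart='$PORTSTART' dstportend='$PORTEND'/>
  </rule>
</filter>"""
WITH_DROP = POSTED.replace("</filter>", """  <rule action='drop' direction='in' priority='1000'>
    <all/>
  </rule>
</filter>""")


def _value(attr, params):
    # Resolve $NAME references against the parameters given on the interface.
    return params[attr[1:]] if attr.startswith("$") else attr


def _matches(proto, params, pkt):
    if proto.tag == "all":
        return True
    if proto.tag != pkt["proto"]:
        return False
    src = proto.get("srcipaddr")
    if src is not None and _value(src, params) != pkt["src"]:
        return False
    lo = proto.get("dstportstart")
    if lo is not None:
        lo = int(_value(lo, params))
        hi = int(_value(proto.get("dstportend", str(lo)), params))
        if not lo <= pkt["dport"] <= hi:
            return False
    return True


def verdict(filter_xml, params, pkt, direction="in"):
    """Return the action of the first matching rule, else the default accept."""
    rules = ET.fromstring(filter_xml).findall("rule")
    rules.sort(key=lambda r: int(r.get("priority", "500")))
    for rule in rules:
        if rule.get("direction") not in (direction, "inout"):
            continue
        if any(_matches(p, params, pkt) for p in rule):
            return rule.get("action")
    return "accept"  # no rule matched: traffic is not blocked
```

In this model the posted filter returns "accept" for a packet from any source, while the variant with the trailing drop rule returns "drop" for everything except the permitted source and port range.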