Andre, Please also try the clean-traffic filter. This filter should prevent MAC, IP and ARP spoofing, all in one.
Thanks, Marcin ----- Original Message ----- > From: "Marcin Mirecki" <[email protected]> > To: "André Gustavo" <[email protected]> > Cc: [email protected] > Sent: Tuesday, September 13, 2016 10:57:09 AM > Subject: Re: [ovirt-users] Associate IP addresses to MAC addresses > (anti-spoofing rules) > > Hi André, > > The best separation would be providing a separate network for each customer. > This way you could protect them from other malicious users on your internal > networks. > Please describe your env in some more detail. > > Thanks, > Marcin > > > > ----- Original Message ----- > > From: "André Gustavo" <[email protected]> > > To: [email protected] > > Sent: Monday, September 12, 2016 8:33:40 PM > > Subject: [ovirt-users] Associate IP addresses to MAC addresses > > (anti-spoofing rules) > > > > Aloha, > > > > I'm using oVirt 4 in my hosting. > > > > However, easily a customer can change the IP to another client (IP > > spoofing) > > > > In vNIC profiles, altered Network Filter > > from "VDSM-on-mac-spoofing" to "no-ip-spoofing" > > > > It worked partially, but if the client power off 'vm' and turn on the 'vm', > > he can perform the change in IP > > > > I tried to use eptables, but also had problems > > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof > > > > > > What is the best option? > > > > > > -- > > --- > > André Gustavo Timermann > > Curitiba/PR - Brasil > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
