On Wed, Feb 9, 2022 at 6:54 AM ravi k <kotta...@gmail.com> wrote: > Good people of the community, >
Hi, > Hope you are all doing well. We are exploring the network filters in oVirt > to check if we can implement a zero-trust model at the network level. The > intention is to have a filter which takes two parameters, IP and PORT. > After that there will be a 'deny all' rule. We realized that none of the > default network filters offer such a functionality and the only option is > to write a custom filter > Why don't we have such a filter in libvirt and thereby in oVirt? Someone > would've already thought about such a use case. So I was thinking maybe > network filters aren't meant to be used for implementing such > functionalities like zero-trust? > You can definitely implement this filter on your own and if you feel like it is a good solution send a patch to libvirt. oVirt really depends on what is configured in libvirt, so if you define you filter you can use it from the engine under some conditions. 1) You need to make sure that all hosts have this filter. 2) You need to define this filter in engine DB otherwise you would need some kind of hook to apply it. > > Also what are some practical use cases of the default filters that are > provided? I was able to understand and use the clean-traffic and > clean-traffic-gateway. > You can read what the predefined filters can offer in https://libvirt.org/formatnwfilter.html#nwfexamples > > Regards, > ravi > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2PUNVD7N45X7YDE5UX2CXWGDEFDS46M/ > Regards, Ales -- Ales Musil Senior Software Engineer - RHV Network Red Hat EMEA <https://www.redhat.com> amu...@redhat.com IM: amusil <https://red.ht/sig>
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DA3YUL4UXMIPAS4MRP75CON2TJYHSR63/