Search

18.12.11.4. Pre-existing network filters

download PDF
The following is a list of example network filters that are automatically installed with libvirt:
Table 18.15. ICMPv6 protocol types
Command NameDescription
no-arp-spoofingPrevents a guest virtual machine from spoofing ARP traffic; this filter only allows ARP request and reply messages and enforces that those packets contain the MAC and IP addresses of the guest virtual machine.
allow-dhcpAllows a guest virtual machine to request an IP address via DHCP (from any DHCP server)
allow-dhcp-serverAllows a guest virtual machine to request an IP address from a specified DHCP server. The dotted decimal IP address of the DHCP server must be provided in a reference to this filter. The name of the variable must be DHCPSERVER.
no-ip-spoofingPrevents a guest virtual machine from sending IP packets with a source IP address different from the one inside the packet.
no-ip-multicastPrevents a guest virtual machine from sending IP multicast packets.
clean-trafficPrevents MAC, IP and ARP spoofing. This filter references several other filters as building blocks.
These filters are only building blocks and require a combination with other filters to provide useful network traffic filtering. The most used one in the above list is the clean-traffic filter. This filter itself can for example be combined with the no-ip-multicast filter to prevent virtual machines from sending IP multicast traffic on top of the prevention of packet spoofing.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.