2013/9/2 Jiaan Zeng <l.alle...@gmail.com>

> Hi All,
>
> I am new to libvirt and encounter a strange problem to set up network
> filter in a NAT network.
>
> I launched VMs in a single host using NAT, i.e. interface
> type='network'. Now I want to control the outbound traffic from the VM
> instance - only allow the VM to access a set of ip addresses. My
> network filter xml is as follows. The problem is once I change the VM
> xml, shutdown and start VM, VM cannot get ip address.
> /var/log/libvirt/libvirt.log shows " error : virNetDevGetIndex:656 :
> Unable to get index for interface vnet2: No such device" error.
>
> But when I remove the drop rule in the filter xml, VM can get IP
> address. I even tried the clean-traffic filter shipped with libvirt.
> VM throws the same error above.
>
> Any idea why this happens? How can I implement outbound traffic
> control in libvirt? Thanks a lot.
>
> <filter name='filter-test'>
>   <rule action='accept' direction='in' priority='500'>
>     <tcp dstportstart='22'/>
>   </rule>
>   <rule action='accept' direction='out' priority='500'>
>     <ip dstipaddr='IP1'/>
>   </rule>
>   <rule action='accept' direction='out' priority='500'>
>     <ip dstipaddr='IP2'/>
>   </rule>
>   <rule action='drop' direction='out' priority='500'>
>     <all/>
>   </rule>
> </filter>
>
> The VM network section XML looks like this
>
>  <interface type='network'>
>    <mac address='52:54:00:0d:f1:ce'/>
>    <source network='default'/>
>    <filterref filter='filter-test'/>
>    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
>  </interface>
>
Hello, perhaps this blog post will help you :-).
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
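One thing a reader of this thread should check before anything else: the posted filter ends with a catch-all outbound drop (`<all/>`) and has no rule accepting the guest's DHCP client traffic (UDP source port 68 to destination port 67, sent to the broadcast address). Whatever is behind the logged vnet2 error, such a filter will by itself prevent the guest from obtaining an address from the NAT network's DHCP server, which matches the "works once the drop rule is removed" symptom. The script below is an added example, not code from the thread or from libvirt: it builds an egress allow-list filter that accepts DHCP before the drop, with explicit, distinct priorities so the result does not depend on how libvirt orders rules that share a priority (libvirt applies lower priority values first), and it lints a filter XML for the mistake by walking the rules in that order and reporting which rule would be the first to match a DHCP DISCOVER. The filter name and the two destination addresses (stand-ins for the thread's IP1/IP2) are constructed placeholders, and the matcher is deliberately approximate (it ignores `srcipaddr` and port ranges given with `*portend`).

```python
# Added example (not from the thread or libvirt): build a libvirt nwfilter
# egress allow-list that still lets the guest complete DHCP, and lint a
# filter for "catch-all outbound drop before any DHCP accept".
import xml.etree.ElementTree as ET

# Constructed placeholders for the thread's IP1/IP2 (RFC 5737 addresses).
ALLOWED_DESTS = ["192.0.2.10", "198.51.100.20"]

# The filter from the thread, with the placeholders filled in (constructed).
THREAD_FILTER = """
<filter name='filter-test'>
  <rule action='accept' direction='in' priority='500'>
    <tcp dstportstart='22'/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <ip dstipaddr='192.0.2.10'/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <ip dstipaddr='198.51.100.20'/>
  </rule>
  <rule action='drop' direction='out' priority='500'>
    <all/>
  </rule>
</filter>
"""


def _rule(parent, action, direction, priority, proto, **attrs):
    """Append one <rule> holding a single protocol element to a <filter>."""
    rule = ET.SubElement(parent, "rule", action=action, direction=direction,
                         priority=str(priority))
    ET.SubElement(rule, proto, **attrs)
    return rule


def build_egress_filter(name, allowed_dests):
    """Return nwfilter XML: DHCP client traffic accepted first, SSH in,
    the allow-listed destinations out, and a catch-all outbound drop last.

    Priorities are explicit and distinct; libvirt applies lower values
    first, so 100 < 500 < 1000 fixes the evaluation order unambiguously."""
    flt = ET.Element("filter", name=name)
    # DHCP: client -> server (68 -> 67) out, server -> client (67 -> 68) in.
    # No srcipaddr constraint, so renewals from the leased address pass too.
    _rule(flt, "accept", "out", 100, "udp", srcportstart="68", dstportstart="67")
    _rule(flt, "accept", "in", 100, "udp", srcportstart="67", dstportstart="68")
    # Management access to the guest.
    _rule(flt, "accept", "in", 500, "tcp", dstportstart="22")
    # Allow-listed outbound destinations.
    for dest in allowed_dests:
        _rule(flt, "accept", "out", 500, "ip", dstipaddr=dest)
    # Everything else outbound is dropped, and only after the accepts above.
    _rule(flt, "drop", "out", 1000, "all")
    return ET.tostring(flt, encoding="unicode")


def _matches_dhcp_client(proto):
    """True if this protocol element can match a guest DHCP DISCOVER/REQUEST:
    UDP, source port 68, destination port 67, broadcast destination.
    Approximation: srcipaddr and *portend ranges are ignored."""
    if proto.tag == "all":
        return proto.get("dstipaddr") in (None, "255.255.255.255")
    if proto.tag != "udp":
        return False
    return (proto.get("srcportstart") in (None, "68")
            and proto.get("dstportstart") in (None, "67")
            and proto.get("dstipaddr") in (None, "255.255.255.255"))


def dhcp_dropped_at(filter_xml):
    """Return the priority of the first outbound rule that would drop or
    reject the guest's DHCP client packet, or None if it is accepted (or
    no rule matches it, in which case nwfilter lets it through).

    Rules are ordered by priority (default 500), lower first; rules sharing
    a priority are taken in document order (assumption of this checker)."""
    root = ET.fromstring(filter_xml)
    rules = []
    for idx, rule in enumerate(root.findall("rule")):
        if len(rule) == 0:
            continue
        prio = int(rule.get("priority", "500"))
        rules.append((prio, idx, rule.get("action"), rule.get("direction"), rule[0]))
    for prio, _idx, action, direction, proto in sorted(rules, key=lambda r: r[:2]):
        if direction not in ("out", "inout") or not _matches_dhcp_client(proto):
            continue
        if action == "accept":
            return None
        if action in ("drop", "reject"):
            return prio
    return None


if __name__ == "__main__":
    print("thread filter drops DHCP at priority:", dhcp_dropped_at(THREAD_FILTER))
    fixed = build_egress_filter("filter-test", ALLOWED_DESTS)
    print("fixed filter drops DHCP at priority:", dhcp_dropped_at(fixed))
    print(fixed)
```

Write the generated XML to a file and load it with `virsh nwfilter-define <file>`; the guest's `<filterref filter='filter-test'/>` picks up the new definition on the next start. Run the checker against any filter before applying it to a guest that relies on DHCP.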
