NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

nwfilter: enable filtering of gratuitous ARP packets

Browse Source 
This patch enables filtering of gratuitous ARP packets using the following XML:

<rule action='accept' direction='in' priority='425'>
<arp gratuitous='true'/>
</rule>
This commit is contained in:
Stefan Berger
2011-05-23 19:41:18 -04:00
parent 17266c5c68
commit fcb0e8c227
8 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
examples/xml/nwfilter/no-arp-spoofing.xml
View File

@@ -12,7 +12,11 @@
<rule action='drop' direction='out' priority='400' >
<arp match='no' arpsrcipaddr='$IP' />
</rule>
<!-- drop if ipaddr or macaddr odes not belong to guest -->
<!-- allow gratuitous arp -->
<rule action='accept' direction='in' priority='425'>
<arp gratuitous='true'/>
</rule>
<!-- drop if ipaddr or macaddr does not belong to guest -->
<rule action='drop' direction='in' priority='450' >
<arp match='no' arpdstmacaddr='$MAC'/>
<arp opcode='reply'/>