[PVE-User] IP / MacAddress restriction for QEMU
Fabrizio Cuseo
f.cuseo at panservice.it
Mon Mar 9 19:09:41 CET 2015
Hello there.
I would like to know if there is already some module to create a restriction for IP/MacAddress.
For "low cost" VPS, creating a dedicated vlan, using a /30 network, configuring a network interface on the firewall, is too expensive.
So i would like to use the whole /24 network, and give one address to each vps; i also need to forbid any ip change.
The fastest way is to create an ebtables rule, but it will be simpler if on the VM details i can check a radio button "restrict ip address" and write the ip address. It will generate on all the nodes, two ebtables rules:
ebtables -A FORWARD -i ${network_device} -s ! ${mac_address} -j DROP
ebtables -A FORWARD -s ${mac_address} -p IPv4 --ip-src ! ${ip_address} -j DROP
It will work (for now) only for IPv4 address, but it can be enough for now.
Regards, Fabrizio
--
---
Fabrizio Cuseo - mailto:f.cuseo at panservice.it
Direzione Generale - Panservice InterNetWorking
Servizi Professionali per Internet ed il Networking
Panservice e' associata AIIP - RIPE Local Registry
Phone: +39 0773 410020 - Fax: +39 0773 470219
http://www.panservice.it mailto:info at panservice.it
Numero verde nazionale: 800 901492
More information about the pve-user
mailing list