Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

18.12.11.4. Pre-existing network filters

The following is a list of example network filters that are automatically installed with libvirt:

Table 18.15. ICMPv6 protocol types

Command NameDescription
no-arp-spoofingPrevents a guest virtual machine from spoofing ARP traffic; this filter only allows ARP request and reply messages and enforces that those packets contain the MAC and IP addresses of the guest virtual machine.
allow-dhcpAllows a guest virtual machine to request an IP address via DHCP (from any DHCP server)
allow-dhcp-serverAllows a guest virtual machine to request an IP address from a specified DHCP server. The dotted decimal IP address of the DHCP server must be provided in a reference to this filter. The name of the variable must be DHCPSERVER.
no-ip-spoofingPrevents a guest virtual machine from sending IP packets with a source IP address different from the one inside the packet.
no-ip-multicastPrevents a guest virtual machine from sending IP multicast packets.
clean-trafficPrevents MAC, IP and ARP spoofing. This filter references several other filters as building blocks.
These filters are only building blocks and require a combination with other filters to provide useful network traffic filtering. The most used one in the above list is the clean-traffic filter. This filter itself can for example be combined with the no-ip-multicast filter to prevent virtual machines from sending IP multicast traffic on top of the prevention of packet spoofing.