I want to run malware in KVM and I want to have one guest acting as a network router. The isolated bridge in virsh allows guest-to-guest and guest-to-host communication. For safety I also want to disable guest-to-host communications on the bridge network.

Here's the definition of the isolated bridge I'm currently using:

<network>
  <name>proxy-bridge</name>
  <uuid>a29b0c37-4d7b-444b-a555-b9859a2a1c93</uuid>
  <bridge name="virbr1" stp="on" delay="0"/>
  <mac address="52:54:00:61:96:66"/>
  <domain name="proxy-bridge"/>
</network>

The host doesn't have an IPv4 address on the bridge interface, but an IPv6 address is automatically allocated. I could completely disable IPv6 on the host as I don't require it. Still, it would be safer if all layer 2 communication was disabled.
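
A check for the condition described in the question, as an added example that is not part of the original post: it audits the network definition for `<forward>` and `<ip>` elements and lists any address the host holds on the bridge. The function names are hypothetical, the `ip -o addr show` output is a constructed sample, and the parser assumes that command's one-line-per-address layout.

```python
import xml.etree.ElementTree as ET

# Network definition copied from the question above.
NETWORK_XML = """<network>
  <name>proxy-bridge</name>
  <uuid>a29b0c37-4d7b-444b-a555-b9859a2a1c93</uuid>
  <bridge name="virbr1" stp="on" delay="0"/>
  <mac address="52:54:00:61:96:66"/>
  <domain name="proxy-bridge"/>
</network>"""

# Constructed sample of `ip -o addr show` output, not captured from a real host.
SAMPLE_IP_OUTPUT = r"""1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
5: virbr1    inet6 fe80::5054:ff:fe61:9666/64 scope link \       valid_lft forever preferred_lft forever
"""


def audit_definition(xml_text):
    """Return (bridge_name, findings) for a libvirt <network> definition."""
    root = ET.fromstring(xml_text)
    bridge = root.find("bridge")
    name = bridge.get("name") if bridge is not None else None
    findings = []
    if root.find("forward") is not None:
        findings.append("<forward> present: network is not isolated")
    for ip in root.findall("ip"):
        findings.append("<ip address=%r>: libvirt puts this address on the host bridge"
                        % ip.get("address"))
    return name, findings


def host_addresses(ip_output, bridge):
    """List (family, address) pairs the host holds on `bridge`."""
    found = []
    for line in ip_output.splitlines():
        fields = line.split()
        # `ip -o addr` layout: "<idx>: <ifname> <family> <addr>/<prefix> ..."
        if len(fields) >= 4 and fields[1] == bridge and fields[2] in ("inet", "inet6"):
            found.append((fields[2], fields[3]))
    return found


if __name__ == "__main__":
    bridge, findings = audit_definition(NETWORK_XML)
    for item in findings:
        print("definition:", item)
    for family, addr in host_addresses(SAMPLE_IP_OUTPUT, bridge):
        print("host still reachable on %s via %s %s" % (bridge, family, addr))
```

To audit a live host, pass the real output of `ip -o addr show` in place of the sample string.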

Tags: libvirt; How to create isolated network with guest-to-host networking disabled; Stack Overflow