[fedora-virt] isolate VM from local network?

Dor Laor dlaor at redhat.com
Wed Dec 29 07:46:09 UTC 2010


On 12/29/2010 05:44 AM, Tom Horsley wrote:
> So, if I wanted to turn a Windows KVM into an utterly safe
> web browser machine in which I revert the copy on write
> filesystem on each boot, what is the best way to also isolate
> it from the rest of the local network?
>
> I've got all my KVM machines set up with bridge networking
> right now. Can I use some magic firewall rules to prevent
> one specific virtual machine from having any access to
> my local network? (While still allowing the spice display
> and mouse to operate, of course :-).

You should be able to do it through the usage of virsh netfilter-* 
commands, please check the man page for them.

btw: spice uses the host networking and not the guest networks so it 
won't have any effect on it.

>
> Configure it on a separate subnet maybe and use NAT on the
> KVM host to allow it access to the outside world?

That's always easier

> _______________________________________________
> virt mailing list
> virt at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/virt
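
For a bridged guest, the isolation asked about above can be written as a libvirt network filter, managed with the `virsh nwfilter-*` commands. This is an added example, not part of the original thread; the filter name, the LAN range 192.168.1.0/24 and the gateway address 192.168.1.1 are assumptions to replace with your own values.

```xml
<!-- no-lan-access.xml: added example, not from the original thread.
     Assumed values: LAN is 192.168.1.0/24, and the gateway at
     192.168.1.1 also serves DNS and DHCP.
     Rules with a lower priority value are evaluated first.
     IPv4 only: IPv6 and ARP traffic are not covered by this filter. -->
<filter name='no-lan-access' chain='ipv4'>

  <!-- Allow DNS and DHCP to the gateway so the guest can still get online -->
  <rule action='accept' direction='out' priority='100'>
    <ip dstipaddr='192.168.1.1' protocol='udp' dstportstart='53'/>
  </rule>
  <rule action='accept' direction='out' priority='100'>
    <ip dstipaddr='192.168.1.1' protocol='udp' dstportstart='67'/>
  </rule>
  <rule action='accept' direction='in' priority='100'>
    <ip srcipaddr='192.168.1.1' protocol='udp' srcportstart='53'/>
  </rule>
  <rule action='accept' direction='in' priority='100'>
    <ip srcipaddr='192.168.1.1' protocol='udp' srcportstart='67'/>
  </rule>

  <!-- Drop all other IPv4 traffic between the guest and LAN addresses.
       Traffic routed through the gateway to outside addresses does not
       match these rules and is accepted by default. -->
  <rule action='drop' direction='out' priority='500'>
    <ip dstipaddr='192.168.1.0' dstipmask='24'/>
  </rule>
  <rule action='drop' direction='in' priority='500'>
    <ip srcipaddr='192.168.1.0' srcipmask='24'/>
  </rule>

</filter>
```

Load it with `virsh nwfilter-define no-lan-access.xml`, then use `virsh edit` to add `<filterref filter='no-lan-access'/>` inside the guest's `<interface type='bridge'>` element. The filter applies only to that guest interface, so the other bridged guests are unaffected.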


