[PVE-User] IP / MacAddress restriction for QEMU

Fabrizio Cuseo f.cuseo at panservice.it
Mon Mar 9 19:09:41 CET 2015

Hello there.

I would like to know if there is already some module to create a restriction for IP/MacAddress.

For "low cost" VPS, creating a dedicated vlan, using a /30 network, configuring a network interface on the firewall, is too expensive.

So i would like to use the whole /24 network, and give one address to each vps; i also need to forbid any ip change.

The fastest way is to create an ebtables rule, but it will be simpler if on the VM details i can check a radio button "restrict ip address" and write the ip address. It will generate on all the nodes, two ebtables rules:

ebtables -A FORWARD -i ${network_device} -s ! ${mac_address} -j DROP
ebtables -A FORWARD -s ${mac_address} -p IPv4 --ip-src ! ${ip_address} -j DROP

It will work (for now) only for IPv4 address, but it can be enough for now.

Regards, Fabrizio 

Fabrizio Cuseo - mailto:f.cuseo at panservice.it
Direzione Generale - Panservice InterNetWorking
Servizi Professionali per Internet ed il Networking
Panservice e' associata AIIP - RIPE Local Registry
Phone: +39 0773 410020 - Fax: +39 0773 470219
http://www.panservice.it  mailto:info at panservice.it
Numero verde nazionale: 800 901492

More information about the pve-user mailing list