Yes, as Jithin said cloudstack uses iptables/ebtables/ipset to prevent IP spoofing in advanced zone with security groups.
If the IP or mac address of vm instance is modified inside the vm by the user, the vm will not work. -Wei On Thursday, 18 May 2023, Jithin Raju <jithin.r...@shapeblue.com> wrote: > Hi Willard, > > I believe there is something implemented using iptables,ebtables to > prevent IP spoofing for security group enabled zones. You need to take this > into account if you are using security group enabled zones. > > -Jithin > > From: Will Conrad <wcon...@hivelocity.net.INVALID> > Date: Thursday, 18 May 2023 at 1:08 PM > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: IP Spoofing and IP Theft > Hello Community! > > It looks like cloudstack has built-iin protection to prevent IP spoofing, I > am wondering what kind (if any) of protections cloudstack has built-in to > protect the environment from IP theft, or is this a consideration that > should be taken into account when designing the network layout and > offerings for tenants? > > Regards, > > Willard Conrad > DevOps Engineer > Hivelocity, LLC > > > >
