On Thu, 18 Apr 2013 16:15:38 +0200 Andrej Bagon <andrej.ba...@arnes.si> wrote:
> Hi all, > > we are wondering how can we limit a user to use IPs we give him and not > others. > Best is understood from an example: > - we give a user a quota (with x CPU, y memory and z disk space) > - a user can create one VirtualMachine with all the resources, or more > VirtualMachines with smaller resources. > - we want to give a user a pool of IPs. He should not use other IPs. If > he uses other IP it should not be routable. > > Is there a solution for this problem? Normal solution: * mirror port on your switch which is forwarded to a NIDS and search for unauthoried IPs MACs pairs "Software foo can to everything" solution: * libvirt know nwfilter * vdsm has hooks thus combination of your own nwfilters, custom properties and vdsm hooks. Or raise a RFE so we could assing nwfilters to a VM. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users