All virtual machines should be started with no-arp-spoofing and no-mac-spoofing nwfilter Note: portmirror VMs are excluded from this.
Agreed in today's meeting that we this will be a global config option to enable or disable. The default will be enabled. We'll extend in 3.2/4.0 to allow per VM and per logical network settings
2 notes: 1. support for setting the filters on hot-plug NIC is also needed. 2. we should avoid setting the filter on port-mirroring NICS.
(In reply to comment #7) > 2 notes: > > 1. support for setting the filters on hot-plug NIC is also needed. > 2. we should avoid setting the filter on port-mirroring NICS. After reviewing the filter carefully it looks like there is no need for a special treatment for port mirroring as the filters are only for the vm egress traffic.
The feature page for Network Filtering: http://wiki.ovirt.org/wiki/Features/Design/Network/NetworkFiltering
Suggested patch: http://gerrit.ovirt.org/#/c/7356/
Verified on rhevm-3.1.0-16.el6ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-1506.html