Previously, virtual machines running on the host or vNIC hot-plug were vulnerable to spoof attacks unless network filter rules were enabled. This meant that virtual machines were able to impersonate other virtual machines, and that they could cause virtual machine traffic to be rerouted to destinations other than those intended by the Red Hat Entperprise Virtualization environment. VDSM now defines a custom rule called vdsm-no-mac-spoofing on libvirt nw-filter, which is comprised of two rules: no-mac-spoofing and no-arp-mac-spoofing. VDSM exposes the option to use the vdsm-no-mac-spoofing filter when running a virtual machine or when hot-plug vNIC is invoked. As a result, when VDSM is provided with the filter to be used when running virtual machines or activating vNICs, it now instructs libvirt to enforce the filters for the vNICs by defining ebtables rules that control traffic and prevent spoofing.