-   Linux - Software (
-   -   Blocking VM's network temorarily - KVM (setting rules in iptables) (

sethusubbiah 08-13-2011 11:35 PM

Blocking VM's network temorarily - KVM (setting rules in iptables)

I am trying to perform few changes to a running VMs mac address and obtain new ip. I would like to temporarily (10-20 seconds) block the VMs network connection from the host machine. Is it possible ??


scheidel21 08-14-2011 10:32 PM

I don't think what you want is possible other than maybe taking the guest console and shutting down networking. Or using firewall rules briefly

sethusubbiah 08-16-2011 08:57 AM

I am using CentOS Linux and am planning to setup a rule on my VM's iptable.

I want to restrict all outgoing and incoming packets to the VM for a temporary period and allow only the DHCP packet to obtain an IP address (like UDP at ports 67,68). I am not sure exactly which rule to apply and how.

scheidel21 08-16-2011 11:50 AM

Got me on that, maybe a packet capture with Wireshark would show you the exact types of packets you need to allow through, blacklist all and allow only the ones you want via iptables rules. You could probably script this if you know the time frame you want this to take effect in.

sethusubbiah 08-16-2011 11:15 PM

I find that if i set these rules :

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

This shud basically block my entire network . But still I am able to use DHCP . Which leaves me confused and happy :) I am confused with this behavior but I am happy my requirement is satisfied with ease but im still interested in knowing the reason. Please help me out if anyone has a clue. Thanks !

- Sethu

All times are GMT -5. The time now is 03:45 PM.