isolate libvirt / kvm guests in virtual network

tux111 · 12-21-2019, 01:06 PM

All,

is it possible to isolate libvirt / kvm guests in a virtual network? (I think VirtualBox has such an option).

- Chris

berndbausch · 12-21-2019, 04:34 PM

You mean an isolated network?

tux111 · 12-22-2019, 05:49 AM

Only the virtual machines should connect to each other, but not even to the KVM host.

berndbausch · 12-22-2019, 07:31 AM

From the above link:

Code:

<network>
  <name>private</name>
  <bridge name="virbr2"/>
  <ip address="192.168.152.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.152.2" end="192.168.152.254"/>
    </dhcp>
  </ip>
  <ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64"/>
</network>

The only way the guests can talk to the hosts is by accessing virbr2, i.e. 192.168.152.1. If no host process listens at virbr2, there is nothing the guests can connect to. If you are still bothered by the connectivity to virbr2, use iptables to shield it totally. If you don't even want DHCP, remove the dhcp clause. I don't know if you can remove the bridge's IP address, but it would be worth a try.