shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-11 05:17:41 +03:00
Code Releases Wiki Activity

ebtables script for kvm (#138)

Browse Source 
git-svn-id: http://svn.opennebula.org/one/trunk@796 3034c82b-c49b-4eb3-8279-a7acafdc01c0
This commit is contained in:
Javier Fontán Muiños 2009-09-17 16:39:06 +00:00
parent 24fc36eb50
commit 28f3546fcf
1 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
share/hooks/ebtables-kvm Executable file
View File

@ -0,0 +1,44 @@
#!/usr/bin/env ruby
require 'pp'
require 'rexml/document'
COMMAND=ARGV[0]
VM_NAME=ARGV[1]
def activate(rule)
system "sudo ebtables -A #{rule}"
end
def deactivate(rule)
system "sudo ebtables -D #{rule}"
end
nets=`virsh dumpxml #{VM_NAME}`
doc=REXML::Document.new(nets).root
doc.elements.each('/domain/devices/interface') {|net|
iface_mac=net.elements['mac'].attributes['address']
mac=iface_mac.split(':')
mac[-1]='00'
net_mac=mac.join(':')
tap=net.elements['target'].attributes['dev']
in_rule="INPUT -d ! #{iface_mac}/FF:FF:FF:FF:FF:FF -i #{tap} -j DROP"
out_rule="OUTPUT -s ! #{net_mac}/FF:FF:FF:FF:FF:00 -o #{tap} -j DROP"
case COMMAND
when "start"
activate(in_rule)
activate(out_rule)
when "stop"
deactivate(in_rule)
deactivate(out_rule)
else
puts "First parameter should be start or stop"
end
}