/etc/libvirt/nwfilter/no-ip-spoofing.xml is in libvirt-bin 1.3.1-1ubuntu10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | <filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
<!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->
<rule action='return' direction='out' priority='100'>
<ip srcipaddr='0.0.0.0' protocol='udp'/>
</rule>
<!-- allow all known IP addresses -->
<rule direction='out' action='return' priority='500'>
<ip srcipaddr='$IP'/>
</rule>
<!-- drop everything else -->
<rule direction='out' action='drop' priority='1000'/>
</filter>
|