I have a "development" KVM server here at the office, set up with bridged networking and a few KVM guests running on it. For each KVM guest a virtual interface is created on the node with the name kvm[id].0 (e.g. kvm126.0) when the guest boots.
Yesterday I was playing around and wanted to see how I could nullroute a KVM guest in case I needed to.
So I tried
route add ip_address reject
which had no effect, and neither did
route add ip_address gw 127.0.0.1 lo
or
ip route add blackhole ip_address/32
Since it's a bridged network setup, I get why the above didn't work.
The next try was with iptables; I tried
iptables -A INPUT -s ip_address -j DROP
iptables -A FORWARD -s ip_address -j DROP
which did the trick: I couldn't ping the KVM guest anymore.
Now the thing is that if I were a malicious user, I would start trying other neighboring IPs until I found one that doesn't conflict with another guest and statically assign it to my VPS.
So what I would like to know is whether there's a way to block traffic from this guest's particular interface, no matter what IP he has managed to configure his guest machine with.
You could connect to the monitor and shut down the link:
The command
info network
will list the network interfaces. Note that you must detach the monitor with Ctrl+C. Using
q
or
quit
would terminate the VM.
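The question asks for a block keyed on the guest's interface rather than on whatever IP the guest chooses, and the answer above does it from inside QEMU by dropping the link. The following POSIX shell script is an added example for this thread, not code from the question, the answer, or the KVM/QEMU projects. It assumes (not stated on the page) that the guest's tap interface is kvm126.0 on a Linux bridge and that ebtables, iptables with the br_netfilter module, and iproute2 are installed on the host. By default it only prints the commands it would run; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Block a KVM guest by its tap interface rather than by IP address.
# Added example for this thread, not code from the question or the answer.
# Assumptions (not from the page): the guest's interface is kvm126.0 on a
# Linux bridge, and ebtables / iptables (with br_netfilter) are installed.
# By default the script only prints the commands; run with DRY_RUN=0 as root
# to apply them.

DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Linux interface names are at most 15 characters (IFNAMSIZ - 1) and the
# script interpolates them into commands, so refuse anything that is empty,
# too long, or contains characters outside a safe set.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Layer-2 rules: ebtables matches on the bridge port a frame came in on,
# so the guest gains nothing by changing its IP (or even its MAC).
# FORWARD covers frames bridged to other guests or the uplink; INPUT covers
# frames addressed to the host itself.  $1 is -A (add) or -D (delete).
l2_rules() {
    run ebtables "$1" FORWARD -i "$2" -j DROP
    run ebtables "$1" INPUT   -i "$2" -j DROP
}

block_l2()   { valid_ifname "$1" || return 2; l2_rules -A "$1"; }
unblock_l2() { valid_ifname "$1" || return 2; l2_rules -D "$1"; }

# Same effect from iptables via the physdev match.  Bridged frames only
# traverse iptables when br_netfilter is loaded and bridge-nf-call-iptables
# is 1; without that sysctl the FORWARD rule silently never matches.
block_physdev() {
    valid_ifname "$1" || return 2
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run iptables -I FORWARD -m physdev --physdev-in "$1" -j DROP
    run iptables -I INPUT   -m physdev --physdev-in "$1" -j DROP
}

# Bluntest option: drop the link on the host side.  The guest keeps running
# but loses its network, which is the effect the monitor-based answer
# produces from inside QEMU.
cut_link()     { valid_ifname "$1" || return 2; run ip link set dev "$1" down; }
restore_link() { valid_ifname "$1" || return 2; run ip link set dev "$1" up; }

# Usage: ./block-guest.sh block|unblock|cut|restore <tap-interface>
# Dispatch only when called with arguments, so the functions can be sourced.
if [ "$#" -ge 2 ]; then
    case "$1" in
        block)   block_l2 "$2" ;;
        unblock) unblock_l2 "$2" ;;
        cut)     cut_link "$2" ;;
        restore) restore_link "$2" ;;
        *) echo "usage: $0 block|unblock|cut|restore <tap-interface>" >&2; exit 1 ;;
    esac
fi
```

The ebtables variant is the one to prefer on a bridged host: it keys on the ingress port, so neither a changed IP nor a changed MAC inside the guest gets around it, and it does not depend on br_netfilter. The physdev variant is there for hosts that already manage everything in iptables, with the caveat spelled out in the comment that the FORWARD rule only sees bridged frames once bridge-nf-call-iptables is enabled. For the monitor route the answer describes, the QEMU human monitor command that toggles a guest NIC is set_link <name> off (and on), with <name> taken from the info network listing; that is a fact about QEMU, not something the answer itself spells out.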