L2 Cache

Behold the power of |!

User Tools

Site Tools


Sidebar

snipets:solaris:net-vnic-protection

Link Protection

Introduction

Link Protection offers a few methodes to protect your vnic from things like IP Spoofing, MAC Spoofing,…

Bellow you will find some examples, those are mostly based on my blog post.

Quick Reference

Check the current configuration:

dladm show-linkprop -p protection,allowed-ips vnic0

Disable link protection:

dladm reset-linkprop -p protection vnic0

Enable anti MAC-spoofing:

dladm set-linkprop -p protection=mac-nospoof vnic0

Enable anti IP-spoofing:

dladm set-linkprop -p protection=ip-nospoof vnic0
dladm set-linkprop -p allowed-ips=172.16.30.75,172.16.20.75 vnic0

Enable anti Client ID/DUID-spoofing:

dladm set-linkprop -p protection=dhcp-nospoof vnic0

Properties

  • ip-nospoof: limit outgoing traffic from source IP’s learned through DHCP or the allowed-ips property.
  • mac-nospoof: prevents zone admin from changing the mac address.
  • dhcp-nospoof: prevents Client ID/DUID spoofing for DHCP. Limited to the vnic's mac, other list can be specified using allowed-dhcp-cids.
  • restricted: only allows IPv4, IPv6 and ARP protocols.

Examples

Restrict traffic to IPv4,IPv6 and ARP:

dladm set-linkprop -p protection=restricted vnic0

Combining, limit traffic to IPv4,IPv6 and ARP, also prefent mac-spoofing:

dladm set-linkprop -p protection=mac-nospoof,restricted vnic0
snipets/solaris/net-vnic-protection.txt · Last modified: 2014/10/09 22:02 (external edit)