L2 Cache

Behold the power of |!

User Tools

Site Tools


snipets:solaris:net-vnic-protection

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
snipets:solaris:net-vnic-protection [2012/09/20 12:41]
sjorge [Quick Reference]
snipets:solaris:net-vnic-protection [2014/10/09 22:02] (current)
Line 25: Line 25:
  
 ===== Properties ===== ===== Properties =====
-  * **ip-nospoof**:​ limit outgoing traffic from source IP’s learned through DHCP or the allowed-ips property.+  * **ip-nospoof**:​ limit outgoing traffic from source IP’s learned through DHCP or the //allowed-ips// property.
   * **mac-nospoof**:​ prevents zone admin from changing the mac address.   * **mac-nospoof**:​ prevents zone admin from changing the mac address.
-  * **dhcp-nospoof**:​ prevents Client ID/DUID spoofing for DHCP.+  * **dhcp-nospoof**:​ prevents Client ID/DUID spoofing for DHCP. Limited to the vnic's mac, other list can be specified using //​allowed-dhcp-cids//​.
   * **restricted**:​ only allows IPv4, IPv6 and ARP protocols.   * **restricted**:​ only allows IPv4, IPv6 and ARP protocols.
  
 +===== Examples =====
 +**Restrict traffic to IPv4,IPv6 and ARP:**
 +<​code>​dladm set-linkprop -p protection=restricted vnic0</​code>​
 +
 +**Combining,​ limit traffic to IPv4,IPv6 and ARP, also prefent mac-spoofing:​**
 +<​code>​dladm set-linkprop -p protection=mac-nospoof,​restricted vnic0</​code>​
snipets/solaris/net-vnic-protection.txt · Last modified: 2014/10/09 22:02 (external edit)