Comment 17 for bug 1316271

For some reason I was thinking there was an OSSN covering this, but the closest I found was the one on poor configuration instructions for live migration exposing libvirt's control interface to tenant instances. I also don't see anything in the security guide specifically addressing network hardening for compute nodes (recommended filter rules for local interfaces, isolating running services onto separate VLANs from instance virtual interfaces, et cetera) though it's possible I've overlooked it.