F-11 libvirt no longer creating firewall/iptables rules for virtual network?
Jonathan Underwood
jonathan.underwood at gmail.com
Wed Jun 24 23:27:12 UTC 2009
2009/6/24 Patrick Mansfield <patman at aracnet.com>:
> It happens for me ... when I didn't really want it. But I figured out I
> just need to allow samba ports in my general firewall rules, then the
> libvirt additions should just work (right now I'm just running "iptables
> -I INPUT -i virbr0 -j ACCEPT" after libvirt is running).
>
> What is iptables showing?
>
> I see virbr0 in mine and more.
hm, odd. Wonder what is different about my config. I'm just using a
very simple firewall setup with only ssh loaded. After the libvirtd
service is started, I see no mention of virbr0 in iptables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW
tcp dpt:ssh
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
and yet ifconfig shows the virbr0 bridge has been created succesfully.
More information about the fedora-list
mailing list