[libvirt] [PATCH] nwfilter: changes to rules in VM->host table
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Oct 19 23:27:59 UTC 2010
On 10/19/2010 06:31 AM, Daniel Veillard wrote:
> On Thu, Oct 14, 2010 at 01:29:31PM -0400, Stefan Berger wrote:
>> In the table built for traffic coming from the VM going to the host
>> make the following changes:
>>
>> - don't ACCEPT the packets but do a 'RETURN' and let the
>> host-specific firewall rules in subsequent rules evaluate whether
>> the traffic is allowed to enter
>> - use the '-m state' in the rules as everywhere else
>>
>> Signed-off-by: Stefan Berger<stefanb at us.ibm.com>
> ACK,
>
> Daniel
>
Pushed.
Stefan
More information about the libvir-list
mailing list