Re: [libvirt] Proposed: always allow packets internal to an interface

On 11/08/2012 09:01 PM, Laine Stump wrote:
> Hmm - would it maybe be okay to always add the ip6tables rule to allow
> ipv6 traffic between interfaces on the bridge, while still setting
> disable_ipv6=1 (unless there is an <ip> with an ipv6 address)? The
> guests could then do IPv6 among themselves if they wanted, but there
> would be no way to get to the host via IPv6.

All I can say is that it seems to work ... at least my definition of work.

Obviously (I hope) the virtualization host sees nothing of the communications between the virtual systems on the "very private" virtual network.

Take a look at my message which describes what I did. Give it a try for yourself and tell us what you see.

I do not know how things are supposed to work, I can only report on how they do work.

Now, that is not to say that if you call some function to do something, that, in addition to performing what you want, it also does some other "stuff." That is, if I have ip6tables do something, is it also doing something else?


