[PATCH 0/4] network: firewalld: fix routed network

Eric Garver eric at garver.life
Wed May 11 15:41:51 UTC 2022


This series fixes routed networks when a newer firewalld (>= 1.0.0) is
present [1]. Firewalld 1.0.0 included a change that disallows implicit
forwarding between zones [2]. libvirt was relying on this behavior to
allow routed networks to function.

New firewalld policies are added. This is done to use common rules
between NAT and routed networks. Policies have been supported since
firewalld 0.9.0.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=2055706
[2]: https://github.com/firewalld/firewalld/issues/177

Eric Garver (4):
  network: firewalld: convert to policies
  network: firewalld: add zone for routed networks
  network: firewalld: add policies for routed networks
  network: firewalld: add support for routed networks

 src/network/bridge_driver_linux.c     |  6 +++++-
 src/network/libvirt-nat-out.policy    | 12 ++++++++++++
 src/network/libvirt-routed-in.policy  | 11 +++++++++++
 src/network/libvirt-routed-out.policy | 12 ++++++++++++
 src/network/libvirt-routed.zone       | 12 ++++++++++++
 src/network/libvirt-to-host.policy    | 21 +++++++++++++++++++++
 src/network/libvirt.zone              | 23 +++++------------------
 src/network/meson.build               | 25 +++++++++++++++++++++++++
 8 files changed, 103 insertions(+), 19 deletions(-)
 create mode 100644 src/network/libvirt-nat-out.policy
 create mode 100644 src/network/libvirt-routed-in.policy
 create mode 100644 src/network/libvirt-routed-out.policy
 create mode 100644 src/network/libvirt-routed.zone
 create mode 100644 src/network/libvirt-to-host.policy

-- 
2.33.0


