[libvirt-users] The firewall just doesn't make any sense

Sven Schwedas sven.schwedas at tao.at
Mon Jul 15 12:59:43 UTC 2013


On 15.07.2013 12:57, Daniel P. Berrange wrote:
> On Mon, Jul 15, 2013 at 12:52:20PM +0200, Sven Schwedas wrote:
>> Could *somebody* shed some light on how the firewall is supposed to
>> work? I haven't even managed to get trivial firewall rules to work. As
>> mentioned, the examples in the documentation generate completely
>> nonsensical rulesets, and if I try writing my own, they make even less
>> sense.
>>
>> For example:
>>> <filter name='test-eth0' chain='root'>
>>>   <rule action='drop' direction='in' priority='900'>
>>>     <all state='NEW'/>
>>>   </rule>
>>> </filter>
>>
>> Generates the following iptables rules: https://up.tao.at/u/DE7E2638.txt
>>
>> ...and will not filter anything.
> 
> NB 95% of the rules libvirt creates are done at the ebtables
> level rather than iptables/ip6tables.

Said filter set did not generate any ebtables entries. Complete output
for ip- and ebtables: https://up.tao.at/u/17C4B040.txt

> 
> Daniel
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven SCHWEDAS
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
