[libvirt-users] KVM + libvirt + nftables without iptables?
Michal Privoznik
mprivozn at redhat.com
Thu Oct 18 15:51:56 UTC 2018
On 10/18/2018 10:14 AM, Daniel P. Berrangé wrote:
> On Wed, Oct 17, 2018 at 05:57:11PM +0200, Roman Vesely wrote:
>> Hi everyone,
>>
>> I use Debian 9.5 Stretch and NFTABLES as a firewall.
>> Using NFTABLES together with IPTABLES is not recommended,
>> but libvirt depends on IPTABLES.
>>
>> Is it safe to run libvirt + kvm + virsh without IPTABLES?
>>
>> By the doc https://libvirt.org/firewall.html,
>> IPTABLES are used for settingup filtering which I do not need.
>
> Currently it is *NOT* ok.
Pardon me if I misread the question but I think Roman is actually asking
if he turns off iptables in libvirt. Well, that would work but all the
forwarding rules, rules that prevent one domain to see traffic of the
other, etc - you would have to do them yourself. Or trust your guests.
But Dan is right - if iptables are enabled in libvirt such setup will
break terribly.
Michal
More information about the libvirt-users
mailing list