Prevent the firewall from being compromised through libvirtd

Thomas Luening toml at thlu.de
Sat Jan 25 15:52:40 UTC 2020


Hello @ all

The libvirt-daemon compromises the packet-filtering rules at daemon startup, before any VM is started. To prevent this, I first
created a hook script which deletes existing rules, but apparently these rules are set after the hook. Removing the defined
networks was no solution either. Worst of all, a service restart of the daemon may even completely neutralize the firewall.

Is there a solution to prevent this undesirable behavior? No matter how, or who does what, or with what network configuration a VM
is started, the daemon must not compromise the firewall by altering it. The firewall is untouchable and taboo.

What can I do to disable that? Thank you!

Best Regards
Tom



$ dpkg -l libvirt-daemon
||/ Name                     Version      Architektur  Beschreibung
+++-=========================-============-============-==================================
ii  libvirt-daemon           5.0.0-4      amd64        Virtualization daemon

$ lsb_release -a
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster
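
One way to verify the behaviour described in the message above, as an added example that is not part of the original post: compare an `iptables-save` dump taken before a libvirtd restart with one taken afterwards, ignoring counters, and list every rule or chain policy that changed. The function names and both sample dumps are constructed for illustration; the virbr0 and 192.168.122.0/24 values are assumed stand-ins for rules added by another program.

```python
import re
COUNTERS = re.compile(r"\s*\[\d+:\d+\]\s*")  # packet/byte counters change constantly

def parse_ruleset(dump):
    """Map table name -> ordered chain-policy and rule lines of an iptables-save dump."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = COUNTERS.sub(" ", raw).strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], [])
        elif current is not None:
            current.append(line)
    return tables

def drift(baseline, current):
    """Return (added, removed, reordered): (table, line) pairs and table names."""
    base, cur = parse_ruleset(baseline), parse_ruleset(current)
    added, removed, reordered = [], [], []
    for table in sorted(set(base) | set(cur)):
        b, c = base.get(table, []), cur.get(table, [])
        added += [(table, l) for l in c if l not in b]
        removed += [(table, l) for l in b if l not in c]
        # Rule order decides which rule matches first, so report reshuffles too.
        if [l for l in b if l in c] != [l for l in c if l in b]:
            reordered.append(table)
    return added, removed, reordered

# Constructed sample dumps (not taken from the post).
BASELINE = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""
AFTER = """*nat
:POSTROUTING ACCEPT [3:180]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [7:420]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for table, line in drift(BASELINE, AFTER)[0]:
        print(f"added to {table}: {line}")
```

On a real host the two inputs would be the saved output of `iptables-save` from before and after the restart; a chain policy changing from DROP to ACCEPT shows up as one removed and one added line.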




