
Prevent the firewall from being compromised through libvirtd



Hello @ all

The libvirt-daemon compromises the packet-filtering-rules at daemon-startup, before any VM is started. To prevent this, I first created a hook-script which deletes existing rules, but apparently these rules are set after the hook. Removing the defined networks was no solution either. Worst of all, a service restart of the daemon may even completely neutralize the firewall.

Is there a solution to prevent this undesirable behavior? No matter how, by whom, or with what network configuration a VM is started, the daemon must not compromise the firewall by altering it. The firewall is untouchable and taboo.

What can I do to disable that? Thank you!

Best Regards
Tom



$ dpkg -l libvirt-daemon
||/ Name                     Version      Architektur  Beschreibung
+++-=========================-============-============-==================================
ii  libvirt-daemon           5.0.0-4      amd64        Virtualization daemon

$ lsb_release -a
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster
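
An added example, not part of the message above and not libvirt code: one way to see exactly what changed in the ruleset across a daemon restart is to compare two `iptables-save` dumps while ignoring packet counters. It assumes the host's rules are visible through `iptables-save`; the sample dumps, the `virbr0` interface and the function names are constructed for illustration.

```python
import re
COUNTERS = re.compile(r"\s*\[\d+:\d+\]\s*")  # packet/byte counters differ on every dump

def parse(dump):
    """Return [(table, line)] for chain policies and rules, counters stripped."""
    table, out = None, []
    for raw in dump.splitlines():
        line = COUNTERS.sub(" ", raw).strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith((":", "-A ")):
            out.append((table, line))
    return out

def drift(baseline, current):
    """Entries added to or removed from the baseline ruleset."""
    b, c = parse(baseline), parse(current)
    return {"added": [r for r in c if r not in b],
            "removed": [r for r in b if r not in c]}

# Constructed iptables-save dumps (not from the post): BASELINE is an admin ruleset,
# CURRENT is the same host after a daemon inserted rules for a virbr0 bridge.
BASELINE = """*filter
:INPUT DROP [120:9000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [50:4000]
[10:800] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[2:120] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
CURRENT = """*filter
:INPUT DROP [340:21000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [90:7000]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""

if __name__ == "__main__":
    for kind, entries in drift(BASELINE, CURRENT).items():
        for table, line in entries:
            print(f"{kind:8} {table:7} {line}")
```

In practice the two inputs would be dumps saved before and after restarting the daemon; a non-empty result is the set of rules and chain policies that differ from the baseline.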


