[virt-tools-list] iptables rules created by libvirt
jdratlif at iu.edu
Thu May 3 12:55:03 UTC 2018
I used your second link to write a perl script to do what I wanted.
John Ratliff | Pervasive Technology Institute | UITS | Research Storage -
Indiana University | http://pti.iu.edu/
From: Pavel Hrdina <phrdina at redhat.com>
Sent: Thursday, May 3, 2018 4:43 AM
To: Ratliff, John <jdratlif at iu.edu>
Cc: virt-tools-list at redhat.com
Subject: Re: [virt-tools-list] iptables rules created by libvirt
On Thu, May 03, 2018 at 12:51:06AM +0000, Ratliff, John wrote:
> I want to use NAT forwarding to forward some ports on my kvm host to
> my guests. There is a rule that libvirt is creating that rejects this
> traffic, and it gets recreated every time the network is updated.
> -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
> My FORWARD policy is set to DROP, so I'd like to just remove this
> rule, but I don't understand where it's coming from.
Hi, here you can read about libvirt networking and how it works.
> I'm using kvm/qemu/libvirt on a RedHat 7.5 host.
> It's not clear to me whether anything is using any of the nwfilter
> rules. I haven't added any, and I don't see any referenced in any of
> my domain xml dumps or the network xml dump.
> Can I get libvirt to stop adding this rule, or even any firewall rules
> and I'll do it myself?
There is no need to change this behavior, you can use QEMU guest hook where
you can add your own iptables rules.
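
The guest-hook approach suggested in the reply, sketched as an added example (not code from this thread or from libvirt): a /etc/libvirt/hooks/qemu script that inserts its ACCEPT rule with -I so it is evaluated before the libvirt REJECT rule on virbr0. The guest name, guest IP and port map are constructed placeholders.

```shell
#!/bin/bash
# Sketch of /etc/libvirt/hooks/qemu. libvirt invokes the hook as:
#   qemu <guest_name> <operation> <sub-operation> <extra>
# All values below are constructed placeholders, not taken from the thread.
GUEST_NAME="webguest"        # hypothetical libvirt domain name
GUEST_IP="192.168.122.10"    # hypothetical guest address on virbr0
BRIDGE="virbr0"
PORT_MAP="8080:80 2222:22"   # host_port:guest_port pairs (constructed)

# Print the iptables commands for one guest lifecycle event.
# Nothing is executed here, so the output can be reviewed or logged first.
forward_rules() {
    local guest op dnat fwd pair hport gport
    guest="$1"; op="$2"
    # Only act for the one guest this port map belongs to.
    [ "$guest" = "$GUEST_NAME" ] || return 0
    case "$op" in
        # -I puts the rule at the top of the chain, ahead of
        # "-A FORWARD -o virbr0 -j REJECT" that libvirt creates.
        start)   dnat="-I PREROUTING"; fwd="-I FORWARD" ;;
        # Remove exactly the same rules when the guest has stopped.
        stopped) dnat="-D PREROUTING"; fwd="-D FORWARD" ;;
        *)       return 0 ;;
    esac
    for pair in $PORT_MAP; do
        hport="${pair%%:*}"; gport="${pair##*:}"
        # DNAT only traffic that arrives from outside the guest bridge.
        echo "iptables -t nat $dnat ! -i $BRIDGE -p tcp --dport $hport -j DNAT --to-destination $GUEST_IP:$gport"
        # Allow only new connections to this guest and port; libvirt's own
        # RELATED,ESTABLISHED rule covers the rest of the flow.
        echo "iptables $fwd -o $BRIDGE -d $GUEST_IP -p tcp --dport $gport -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# When libvirt calls the hook with arguments, apply the generated rules.
if [ "$#" -ge 2 ]; then
    forward_rules "$1" "$2" | while read -r cmd; do $cmd; done
fi
```

Running the function by hand, for example `forward_rules webguest start`, shows the exact rules before the script is installed as a hook.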