On 11/19/2012 02:24 PM, Laine Stump wrote:
>>> 1. In a manner similar to what is done for IPv6, add ip6tables rules
>>> to permit virtual systems to communicate via a defined virtual
>>> interface which has no gateway addresses defined. This does mean that
>>> virtual systems will not be able to communicate with the host via this
>>> interface ... only with each other. Also, the following must be:
>>> net.ipv6.conf.virbr19.disable_ipv6 = 1
>>> so that the kernel does not start anything.
>> This discussion was left open at the end - Dan, do you see any problem
>> with adding the rules permitting IPv6 traffic between the guests as long
>> as the host has disable_ipv6 set? Or will we still need to add an
>> "ipv6='yes'" attribute to the top-level <network> element?
> I have looked over the code as well as done some testing (the code is
> all in network/bridge_driver.c). Unless there really is an IPv6
> address specified, disable_ipv6=1.
> Yes, technically it can be done. I just want to make sure that it
> satisfies everyone's "don't open a new hole by default"
Just trying to emphasize that the hole Dan is concerned about is not
opened and, besides doing testing, he can verify this by looking at
src/network/bridge_driver.c ... see networkAddGeneralIp6tablesRules()
for the ip6tables rules and see networkSetIPv6Sysctls() for setting
disable_ipv6.
Gene
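An added audit check, not libvirt code and not written by anyone in this thread, that verifies the state the thread describes for a bridge with no IPv6 gateway address: disable_ipv6 set on the bridge, a FORWARD rule allowing guest-to-guest traffic, nothing on INPUT accepting traffic from the bridge, and the bridge fenced off if the FORWARD policy is ACCEPT. The rule listing and the bridge name virbr19 are constructed sample input in `ip6tables -S` format, and the notion of "safe" encoded here is an assumption, not libvirt's actual rule set.

```python
import re
from typing import List

# Constructed sample of `ip6tables -S` output for a bridge without an IPv6
# gateway address. Illustrative only; NOT the rules libvirt itself installs.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i virbr19 -o virbr19 -j ACCEPT
-A FORWARD -o virbr19 -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -i virbr19 -j REJECT --reject-with icmp6-port-unreachable
"""


def audit_bridge_ipv6(bridge: str, disable_ipv6: int, rules_text: str) -> List[str]:
    """Return findings; an empty list means the bridge matches the
    'guests talk to each other, not to the host, kernel does nothing' state."""
    findings = []
    br = re.escape(bridge)
    # 1. The kernel must not bring up IPv6 (e.g. a link-local address) on the bridge.
    if disable_ipv6 != 1:
        findings.append(f"net.ipv6.conf.{bridge}.disable_ipv6 is {disable_ipv6}, expected 1")
    rules = [line.strip() for line in rules_text.splitlines() if line.strip()]
    # 2. Guest-to-guest traffic must be allowed: FORWARD -i br -o br -j ACCEPT.
    g2g = re.compile(rf"^-A FORWARD -i {br} -o {br} -j ACCEPT$")
    if not any(g2g.match(r) for r in rules):
        findings.append(f"no FORWARD rule accepting {bridge} -> {bridge} traffic")
    # 3. INPUT must not accept traffic arriving from the bridge: the design
    #    point is that guests cannot reach the host over this interface.
    host_accept = re.compile(rf"^-A INPUT .*-i {br}\b.*-j ACCEPT$")
    for r in rules:
        if host_accept.match(r):
            findings.append(f"INPUT accepts traffic from {bridge}: {r}")
    # 4. With an ACCEPT default FORWARD policy the bridge would forward IPv6
    #    anywhere unless per-interface REJECT/DROP rules fence it off.
    policy = next((r for r in rules if r.startswith("-P FORWARD ")), "")
    if policy.endswith("ACCEPT"):
        fence = re.compile(rf"^-A FORWARD -[io] {br} -j (REJECT|DROP)")
        if not any(fence.match(r) for r in rules):
            findings.append(f"FORWARD policy is ACCEPT and {bridge} is not fenced off")
    return findings
```

On a live host the inputs would come from `sysctl -n net.ipv6.conf.<bridge>.disable_ipv6` and `ip6tables -S`; the function itself only needs the strings.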