Hi there,
is just upgraded to libvirt 0.9.2 and restarted my domains but now all
network filters are gone.
Why does libvirt not set iptables configuration while filterref clause
exists?
Is this a known bug? How can I fix it.
Restarting / redefining doesn't output any errors.
Example config XML of domain:
...
<filterref filter='clean-traffic'>
<parameter name='IP' value='192.168.2.34'/>
</filterref>
...
# virsh -v
0.9.2
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state
RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination