Could *somebody* shed some light on how the firewall is supposed to
work? I haven't even managed to get trivial firewall rules to work. As
mentioned, the examples in the documentation generate completely
nonsensical rulesets, and if I try writing my own, they make even less
sense.
For example:
> <filter name='test-eth0' chain='root'>
>   <rule action='drop' direction='in' priority='900'>
>     <all state='NEW'/>
>   </rule>
> </filter>
Generates the following iptables rules:
https://up.tao.at/u/DE7E2638.txt
...and will not filter anything.
NB 95% of the rules libvirt creates are done at the ebtables
level rather than iptables/ip6tables.
Daniel