Okay, some more fiddling:
If I try the second filterset from the second example from the documentation (http://libvirt.org/formatnwfilter.html#nwfwriteexample2nd), the resulting firewall rules make even less sense.
To quote, what it should do:
opens only TCP ports 22 and 80 of a VM's interface
allows the VM to send ping traffic from an interface but not let the VM be pinged on the interface
allows the VM to do DNS lookups (UDP towards port 53)
enable an ftp server (in active mode) to be run inside the VM
What it does:
Opens all incoming ports
Allows the VM to be pinged
Blocks all outgoing traffic (except ICMP, but I suspect that's only because ICMP filtering does not work at all, see above)
Prevents an ftp server from running in active mode
This is bullshit. How do I get the nwfilter firewall to run properly?
--
Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas(a)tao.at | +43 (0)680 301 7167
http://software.tao.at
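For reference, the following nwfilter definition spells out the four goals quoted from the documentation above. It is an added example written for this thread, not the documentation's own filter and not the original poster's configuration; the filter name and the priority values are made up, and it assumes the stock clean-traffic filter that ships with libvirt is available.

```xml
<filter name='example-vm-eth0' chain='root'>
  <!-- Stock libvirt filter: stops the guest from spoofing MAC, IP and ARP. -->
  <filterref filter='clean-traffic'/>

  <!-- Goal 1: only TCP ports 22 (ssh) and 80 (http) are reachable on the VM. -->
  <rule action='accept' direction='in' priority='100'>
    <tcp dstportstart='22'/>
  </rule>
  <rule action='accept' direction='in' priority='100'>
    <tcp dstportstart='80'/>
  </rule>

  <!-- Goal 2: the VM may send echo requests; there is deliberately no
       inbound ICMP rule, so the VM itself cannot be pinged. -->
  <rule action='accept' direction='out' priority='200'>
    <icmp type='8'/>
  </rule>

  <!-- Goal 3: outgoing DNS lookups over UDP to port 53. -->
  <rule action='accept' direction='out' priority='300'>
    <udp dstportstart='53'/>
  </rule>

  <!-- Goal 4: active-mode FTP server inside the VM. Clients reach the
       control port 21; the server opens the data connection itself from
       source port 20, so that outbound direction must be accepted too. -->
  <rule action='accept' direction='in' priority='400'>
    <tcp dstportstart='21'/>
  </rule>
  <rule action='accept' direction='out' priority='400'>
    <tcp srcportstart='20'/>
  </rule>

  <!-- Everything not matched above is dropped in both directions. -->
  <rule action='drop' direction='inout' priority='1000'>
    <all/>
  </rule>
</filter>
```

Load it with `virsh nwfilter-define <file>` and reference it from the domain's interface as `<filterref filter='example-vm-eth0'/>`; the rules libvirt actually generated can then be compared against this intent with `iptables -L` and `ebtables -t nat -L` on the host.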