Re: [libvirt-users] network interface management in bridge firewall configuration

On 06/17/2010 11:01 AM, Aleksander Trofimowicz wrote: There should be no problems with this. The only place any of these are used in netcf is that net.bridge.bridge-nf-call-iptables is checked at one point, and if it's set to 1, an attempt is made to assure traffic can pass through all the bridges by parsing /etc/sysconfig/iptables and adding appropriate rules (see the function bridge_physdevs() in netcf if you're into looking at source code). One thing that has shown up recently is that when bridge-nf-call-iptables is 1, if /etc/sysconfig/iptables is empty or malformed, netcf will fail to initialize. There have been a couple of bugs filed against RHEL for this, but they haven't yet been cloned upstream. Just to verify this is actually the problem, can you check your /etc/sysconfig/iptables to see if it is 0 length (and if so, put some basic rules in and try again)?