On 15.07.2013 12:57, Daniel P. Berrange wrote:
On Mon, Jul 15, 2013 at 12:52:20PM +0200, Sven Schwedas wrote:
Could *somebody* shed some light on how the firewall is supposed to work? I haven't even managed to get trivial firewall rules to work. As mentioned, the examples in the documentation generate completely nonsensical rulesets, and if I try writing my own, they make even less sense.
For example:
<filter name='test-eth0' chain='root'> <rule action='drop' direction='in' priority='900'> <all state='NEW'/> </rule> </filter>
Generates the following iptables rules: https://up.tao.at/u/DE7E2638.txt
...and will not filter anything.
NB 95% of the rules libvirt creates are done at the ebtables level rather than iptables/ip6tables.
Said filter set did not generate any ebtables entries. Complete output for ip- and ebtables: https://up.tao.at/u/17C4B040.txt
Daniel
-- Mit freundlichen Grüßen, / Best Regards, Sven SCHWEDAS Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas@tao.at | +43 (0)680 301 7167 http://software.tao.at