On 15.07.2013 12:57, Daniel P. Berrange wrote:
> On Mon, Jul 15, 2013 at 12:52:20PM +0200, Sven Schwedas wrote:
>> Could *somebody* shed some light on how the firewall is supposed to
>> work? I haven't even managed to get trivial firewall rules to work. As
>> mentioned, the examples in the documentation generate completely
>> nonsensical rulesets, and if I try writing my own, they make even less
>> sense.
>>
>> For example:
>>> <filter name='test-eth0' chain='root'>
>>> <rule action='drop' direction='in' priority='900'>
>>> <all state='NEW'/>
>>> </rule>
>>> </filter>
>>
>> Generates the following iptables rules:
>> https://up.tao.at/u/DE7E2638.txt
>>
>> ...and will not filter anything.
>
> NB 95% of the rules libvirt creates are done at the ebtables
> level rather than iptables/ip6tables.

Said filter set did not generate any ebtables entries. Complete output
for ip- and ebtables:
https://up.tao.at/u/17C4B040.txt

> Daniel
--
Mit freundlichen Grüßen, / Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas(a)tao.at | +43 (0)680 301 7167
http://software.tao.at