On Di, 2014-02-18 at 12:03 +0200, Laine Stump wrote:
You *really* should upgrade to a newer libvirt.
I know that version 0.9.8 is very old. But to be honest I tried to avoid upgrading and
compiling a newer version since I don't know if it has any effects on running VMs (but
I haven't checked this yet).
It's a production server and I did not want to interrupt any services running on these VMs.
However, I'm afraid that upgrading might be the only option if I want to avoid setting
up iptables manually.
Those previous two rules are the ones added when you specify a forward dev. You don't
need to do that - I would recommend removing the "dev='eth0'" from the <forward> element
of the network, along with the "<interface dev='eth0'/>" subelement. This won't change
operation at all, it will just make things slightly less confusing and misleading.
Thank you for pointing this out. I just did that. And after a reboot everything is still
working as expected (yes, I just DID interrupt the services running in my VMs. So I guess
I could even upgrade to a newer libvirt =) )
>
> -A libvirt-out -m physdev --physdev-out vnetX -g FO-vnetX
>
> which should trigger the following rules:
>
> -A FO-vnetX -p all -m state --state ESTABLISHED -j ACCEPT
> -A FO-vnetX -p tcp --dport 22 -m state --state NEW -j ACCEPT
>
> But this actually never happens. The FO-vnetX Chain never sees any packets and my
> syslog says:
>
> xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
> non-bridged traffic is not supported anymore
That somehow sounded familiar, so I looked it up in the git history and found this:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=65fb9d49cc9caae210977934...
That patch was included in libvirt-1.0.2, just about a year ago.
After reading that I removed the following iptables rule:
iptables -D libvirt-out -m physdev --physdev-out vnetX -g FO-vnetX
and manually added this rule (the patch said that adding an extra argument
(--physdev-is-bridged) is needed for rules like this):
iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnetX -g FO-vnetX
Indeed this prevents my syslog from being spammed with the mentioned warning. However,
this did not fix the problem. This rule never matches anything, and thus the FO-vnetX
chain never sees any packets. Using a testing rule like:
iptables -A libvirt-out -d 1.2.3.70 -g FO-vnetX
made everything work as expected. Well, this is definitely not the way it is expected to
work since it does not do any "bridge port" matching. This all makes me think
it's not a libvirt-specific problem and updating to a newer version will not fix my
problem. Maybe there is somebody out there using a setup like mine and can show me the
rules that are getting created with a newer version of libvirt?
So long, thank you for all the useful information!
Kind regards,
Sebastian
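Added example, not part of this thread and not libvirt's own code: a small POSIX shell audit that scans iptables-save output for the rule form that triggers the kernel warning quoted above (a --physdev-out match in the FORWARD path without --physdev-is-bridged) and shows the rewritten form that the referenced patch calls for. The sample rules below are constructed; the vnetX and FO-vnetX names follow the thread's naming, and the vnetY rule is a hypothetical already-corrected neighbour.

```shell
#!/bin/sh
# Audit iptables-save output for physdev-out matches that lack --physdev-is-bridged.
# Such rules are what the kernel rejects with
#   "xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains
#    for non-bridged traffic is not supported anymore".

# Constructed sample of `iptables-save` output (not captured from a real host).
SAMPLE_RULES='*filter
:FORWARD ACCEPT [0:0]
:libvirt-out - [0:0]
:FO-vnetX - [0:0]
:FO-vnetY - [0:0]
-A FORWARD -j libvirt-out
-A libvirt-out -m physdev --physdev-out vnetX -g FO-vnetX
-A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnetY -g FO-vnetY
-A FO-vnetX -p all -m state --state ESTABLISHED -j ACCEPT
-A FO-vnetX -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT'

# Print every rule line that uses --physdev-out but not --physdev-is-bridged.
# Argument 1: iptables-save text (e.g. "$(iptables-save)" on a live host).
find_unbridged_physdev_out() {
    printf '%s\n' "$1" | awk '
        /^-A / && /--physdev-out/ && !/--physdev-is-bridged/ { print }
    '
}

# Count the offending rules; prints 0 when there are none.
count_unbridged_physdev_out() {
    printf '%s\n' "$1" | awk '
        /^-A / && /--physdev-out/ && !/--physdev-is-bridged/ { n++ }
        END { print n + 0 }
    '
}

# Rewrite one rule line into the form the patch describes: the same match with
# --physdev-is-bridged inserted before --physdev-out. Lines already carrying the
# flag, or without a physdev-out match, are printed unchanged.
suggest_bridged_form() {
    printf '%s\n' "$1" | sed '
        /--physdev-is-bridged/ b
        s/-m physdev --physdev-out/-m physdev --physdev-is-bridged --physdev-out/
    '
}

# Stand-alone usage: report offending rules and the suggested rewrite for each.
if [ "${1:-}" = "--demo" ]; then
    find_unbridged_physdev_out "$SAMPLE_RULES" | while IFS= read -r rule; do
        echo "offending: $rule"
        echo "suggested: $(suggest_bridged_form "$rule")"
    done
fi
```

The check only flags the rule form that produces the kernel warning; as the thread itself reports, adding --physdev-is-bridged silences the warning but whether such a rule can match at all still depends on the packet actually traversing a bridge port, so the audit is a configuration lint rather than a fix.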