Nakta wrote:
libvirt's nwfilter module can achieve that.
I read over those resources and I did what I thought would be correct,
but it's not having any effect.
I created a new nwfilter like this:
<filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'>
  <rule action='accept' direction='in' priority='500'>
    <all state='ESTABLISHED'/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <all state='ESTABLISHED,RELATED'/>
  </rule>
  <rule action='accept' direction='in' priority='100'>
    <ip dstipaddr='192.168.8.0' dstipmask='24'/>
  </rule>
  <rule action='accept' direction='out' priority='100'>
    <ip srcipaddr='192.168.8.0' srcipmask='24'/>
  </rule>
  <rule action='drop' direction='inout' priority='500'>
    <all/>
  </rule>
</filter>
I then associated that filter with the interface device on the VM
server within KVM, and shut down/restarted that VM.
<interface type='network'>
  <mac address='XX:XX:XX:XX:XX:XX'/>
  <source network='locservers'/>
  <model type='virtio'/>
  <filterref filter='allow-virbr2-vpn'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
After this, nothing happens. I did 'ebtables --list', and the new
rules aren't there. I also did the same with iptables, as well as with
firewalld itself. The new rules are nowhere to be found.
What did I do incorrectly here?
Thanks!
-JK
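An added example, not part of the post above and not libvirt's own tooling: a small POSIX shell helper for checking whether the nwfilter driver has installed anything for a VM's tap device. It relies on how libvirt's ebtables/iptables backend names its chains (root chains libvirt-I-<tap> and libvirt-O-<tap> in the ebtables nat table, hooked from PREROUTING/POSTROUTING, and FI-/FO-/HI-<tap> chains in the iptables filter table for IP-layer rules); the tap name vnet0, the vnet1 negative case and SAMPLE_LISTING are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post or from libvirt): check whether
# libvirt's nwfilter driver has installed chains for a VM's tap device.
#
# Assumptions about libvirt's ebtables/iptables backend:
#  - the tap device name (vnetN) is taken from `virsh domiflist <domain>`
#    while the domain is running;
#  - ebtables root chains are libvirt-I-<tap> / libvirt-O-<tap> in the
#    nat table, hooked from PREROUTING/POSTROUTING, so a plain
#    `ebtables --list` (filter table) does not show them;
#  - IP-layer rules (chain='ipv4') land in iptables filter-table chains
#    FI-<tap>, FO-<tap> and HI-<tap>.

# Print the chain names expected for one tap device, one per line.
nwfilter_chain_names() {
    tap="$1"
    printf '%s\n' "libvirt-I-$tap" "libvirt-O-$tap" "FI-$tap" "FO-$tap" "HI-$tap"
}

# Read a rule listing on stdin (e.g. `ebtables -t nat -L; iptables -S`),
# report every expected chain that is absent, return 0 only if all exist.
nwfilter_chains_present() {
    tap="$1"
    listing=$(cat)
    rc=0
    for chain in $(nwfilter_chain_names "$tap"); do
        if ! printf '%s\n' "$listing" | grep -q -- "$chain"; then
            echo "missing chain: $chain" >&2
            rc=1
        fi
    done
    return $rc
}

# Live use on the hypervisor (root; DOMAIN is the running guest's name):
#   tap=$(virsh domiflist "$DOMAIN" | awk 'NR > 2 && $1 ~ /^vnet/ { print $1; exit }')
#   { ebtables -t nat -L; iptables -S; } | nwfilter_chains_present "$tap"
# Newer libvirt also lists active filter bindings per tap device with
#   virsh nwfilter-binding-list

# Constructed, trimmed listing so the script runs offline.
SAMPLE_LISTING='Bridge table: nat

Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-i vnet0 -j libvirt-I-vnet0

Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-o vnet0 -j libvirt-O-vnet0
-N FI-vnet0
-N FO-vnet0
-N HI-vnet0
-A libvirt-in -i vnet0 -j FI-vnet0'

if printf '%s\n' "$SAMPLE_LISTING" | nwfilter_chains_present vnet0; then
    echo "vnet0: nwfilter chains present"
fi
if ! printf '%s\n' "$SAMPLE_LISTING" | nwfilter_chains_present vnet1 2>/dev/null; then
    echo "vnet1: no nwfilter chains, filter not applied to this tap"
fi
```

The check is deliberately split by table: if the libvirt-I-/libvirt-O- chains are missing from `ebtables -t nat -L`, the filter was never bound to that tap at all; if only the FI-/FO-/HI- chains are missing, the binding exists but no IP-layer rules were installed for it.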