[libvirt-users] ebtables rules are not applied when using libvirt nwfilter

Dear all,

I configure my KVM VM like this:

    <interface type='bridge'>
      <mac address='52:54:00:dd:b2:c5'/>
      <source bridge='nw-vpc-1017'/>
      <target dev='if-57'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='10.0.0.1'/>
      </filterref>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>

But when I start it and show the ebtables rules, nothing is applied:

    [root@kvmhost ~]# ebtables -L
    Bridge table: filter
    Bridge chain: INPUT, entries: 0, policy: ACCEPT
    Bridge chain: FORWARD, entries: 0, policy: ACCEPT
    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
    Bridge chain: libvirt_qemu_FORWARD, entries: 0, policy: DROP

Please show me what I've done wrong.

Thanks so much!

-- 
Nguyen Thinh

On Wed, Apr 02, 2014 at 10:52:12AM +0700, Thinh Nguyen wrote:
> Dear all,
>
> I configure my KVM VM like this:
>
>     <interface type='bridge'>
>       <mac address='52:54:00:dd:b2:c5'/>
>       <source bridge='nw-vpc-1017'/>
>       <target dev='if-57'/>
>       <model type='virtio'/>
>       <filterref filter='clean-traffic'>
>         <parameter name='IP' value='10.0.0.1'/>
>       </filterref>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
>     </interface>
>
> But when I start it and show the ebtables rules, nothing is applied:
>
>     [root@kvmhost ~]# ebtables -L
>     Bridge table: filter
>     Bridge chain: INPUT, entries: 0, policy: ACCEPT
>     Bridge chain: FORWARD, entries: 0, policy: ACCEPT
>     Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
>     Bridge chain: libvirt_qemu_FORWARD, entries: 0, policy: DROP
>
> Please show me what I've done wrong.

We don't use the filter table, so instead try 'ebtables -t nat -L'

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

participants (2): Daniel P. Berrange, Thinh Nguyen
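
Added example (not part of the original thread and not libvirt's own code): a shell check that reads an ebtables listing on stdin and reports whether per-interface nwfilter chains are hooked for a given target dev, which is what the reply's 'ebtables -t nat -L' lets you verify. The libvirt-I-/libvirt-O- chain names and the nat-table sample are assumptions constructed for illustration; the filter-table listing is the one from the original post.

```shell
# nwfilter_status IFACE: read an `ebtables -t <table> -L` listing on stdin.
# Prints "in=<yes|no> out=<yes|no>"; returns 0 if at least one direction is hooked.
nwfilter_status() {
    awk -v ifc="$1" '
        BEGIN { ci = "libvirt-I-" ifc; co = "libvirt-O-" ifc }  # assumed chain names
        /^Bridge chain: / {
            chain = $3; sub(/,$/, "", chain)    # "PREROUTING," -> "PREROUTING"
            defined[chain] = 1
            next
        }
        # Jump rules for frames entering / leaving the bridge port of the guest.
        chain == "PREROUTING"  && $1 == "-i" && $2 == ifc && $4 == ci { jin = 1 }
        chain == "POSTROUTING" && $1 == "-o" && $2 == ifc && $4 == co { jout = 1 }
        END {
            # A direction counts only if the jump exists AND its target chain is defined.
            i = (jin  && (ci in defined)) ? "yes" : "no"
            o = (jout && (co in defined)) ? "yes" : "no"
            print "in=" i " out=" o
            exit !(i == "yes" || o == "yes")
        }'
}

# Constructed sample of `ebtables -t nat -L` for target dev if-57 (not from the
# page); the rule bodies of the per-interface chains are left out.
sample_nat() { cat <<'EOF'
Bridge table: nat
Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-i if-57 -j libvirt-I-if-57
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-o if-57 -j libvirt-O-if-57
Bridge chain: libvirt-I-if-57, entries: 0, policy: ACCEPT
Bridge chain: libvirt-O-if-57, entries: 0, policy: ACCEPT
EOF
}

# The filter-table listing shown in the original post.
sample_filter() { cat <<'EOF'
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: libvirt_qemu_FORWARD, entries: 0, policy: DROP
EOF
}

sample_filter | nwfilter_status if-57 || true   # filter table: nothing hooked
sample_nat    | nwfilter_status if-57 || true   # nat table: both directions hooked
```

On a host, feed it the live listing instead of the samples, for example by piping 'ebtables -t nat -L' into 'nwfilter_status if-57'.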