[libvirt-users] Routed network w/o libvirt adding iptables rules

Hello

In the case of a "routed" libvirt network, is there a way to prevent libvirt from adding *any* iptables rules? Or at least to stop libvirt from inserting its rules at the *top* of the chains (which renders previously inserted rules useless)?

I have VPN tunnels connecting VMs with each other and with clients, and the default rules generated by libvirt are not right for my use case.

The firewall rulesets I actually need are quite simple. I am very happy to manage them outside libvirt.

I am thinking of replacing /sbin/iptables with a dummy, but that is a last resort which I hope is not necessary.

Please advise /nils.

PS: See also long-standing libvirt issues:
* https://bugzilla.redhat.com/show_bug.cgi?id=533193
* https://bugzilla.redhat.com/show_bug.cgi?id=689377
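
The ordering problem described in the post (libvirt uses `-I`, so its rules land above anything the administrator added earlier, and netfilter stops at the first matching rule) can be checked for and undone from outside libvirt. The script below is an added example and is not code from the thread or from libvirt. The two `iptables -S FORWARD` samples are constructed: the five bridge rules are representative of what libvirt adds for a routed network on `virbr1`, and the `tun0` interface and the `managed:` comment tag used to recognise the administrator's own rules are assumptions for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the FORWARD chain so that
# locally managed rules are not shadowed by the rules libvirt inserts at the
# top of the chain for a routed network, and emit the commands that put them
# back in front. Netfilter stops at the first matching rule, so anything
# below libvirt's ACCEPT/REJECT rules for the bridge never sees the traffic.

# Constructed sample of `iptables -S FORWARD` output. Lines 2-6 are
# representative of what libvirt adds for a routed network on virbr1
# (constructed here, not captured from a host); the two "managed:vpn" rules
# are the admin's own VPN rules, which libvirt's -I has pushed below its own.
SAMPLE_SHADOWED='-P FORWARD DROP
-A FORWARD -d 192.168.100.0/24 -o virbr1 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i tun0 -o virbr1 -m comment --comment "managed:vpn" -j ACCEPT
-A FORWARD -i virbr1 -o tun0 -m comment --comment "managed:vpn" -j ACCEPT'

# The same chain after the managed rules have been moved back to the top.
SAMPLE_FIXED='-P FORWARD DROP
-A FORWARD -i tun0 -o virbr1 -m comment --comment "managed:vpn" -j ACCEPT
-A FORWARD -i virbr1 -o tun0 -m comment --comment "managed:vpn" -j ACCEPT
-A FORWARD -d 192.168.100.0/24 -o virbr1 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable'

# check_order RULES BRIDGE TAG
# RULES is `iptables -S FORWARD` output, BRIDGE the libvirt bridge name, TAG
# the comment marker on our own rules. Returns 0 when every tagged rule sits
# above the first non-tagged rule that references the bridge, 1 otherwise.
check_order() {
    rules=$1; bridge=$2; tag=$3
    # 1-based position of the first rule that touches the bridge and is not ours
    lv=$(printf '%s\n' "$rules" | grep -n -- "$bridge" | grep -v -- "$tag" \
         | head -n 1 | cut -d: -f1)
    # position of the last rule that is ours
    mine=$(printf '%s\n' "$rules" | grep -n -- "$tag" | tail -n 1 | cut -d: -f1)
    [ -z "$mine" ] && return 0   # nothing of ours to protect
    [ -z "$lv" ] && return 0     # libvirt has not touched the chain (yet)
    [ "$mine" -lt "$lv" ]
}

# reinsert_cmds RULES TAG
# Emit one shell command per tagged rule that deletes any existing copy and
# re-inserts it at position 1. Rules are emitted in reverse order so that,
# after all the inserts at position 1, their original relative order is kept.
reinsert_cmds() {
    rules=$1; tag=$2
    printf '%s\n' "$rules" | grep -- "$tag" | sed '1!G;h;$!d' \
        | sed 's/^-A FORWARD \(.*\)$/iptables -D FORWARD \1 2>\/dev\/null; iptables -I FORWARD 1 \1/'
}

# Against a live host you would pass "$(iptables -S FORWARD)" instead of the sample.
if check_order "$SAMPLE_SHADOWED" virbr1 managed:; then
    echo "managed rules are ahead of libvirt's rules"
else
    echo "managed rules are shadowed; commands to restore them:"
    reinsert_cmds "$SAMPLE_SHADOWED" managed:
fi
```

Re-running the emitted commands after libvirt has (re)started the network keeps the administrator's rules in front without removing libvirt's own; later libvirt versions provide a network hook script that is a natural place to do this. Tagging every locally managed rule with a comment is what makes the check possible, because libvirt's rules carry no marker of their own.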

2013/2/26 Nils Toedtmann <lists@nils.toedtmann.net>:
> Hello
>
> In the case of a "routed" libvirt network, is there a way to prevent libvirt from adding *any* iptables rules? Or at least to stop libvirt from inserting its rules at the *top* of the chains (which renders previously inserted rules useless)?
>
> I have VPN tunnels connecting VMs with each other and with clients, and the default rules generated by libvirt are not right for my use case.
>
> The firewall rulesets I actually need are quite simple. I am very happy to manage them outside libvirt.
>
> I am thinking of replacing /sbin/iptables with a dummy, but that is a last resort which I hope is not necessary.
>
> Please advise /nils.
>
> PS: See also long-standing libvirt issues:
> * https://bugzilla.redhat.com/show_bug.cgi?id=533193
> * https://bugzilla.redhat.com/show_bug.cgi?id=689377

I can reproduce the issue in bug 689377, https://bugzilla.redhat.com/show_bug.cgi?id=689377#c3. This problem has troubled me for a long time.
Participants (2): Gao Yongwei, Nils Toedtmann