On 8/16/20 11:42 PM, Ed Greshko wrote:
On 2020-08-17 11:40, Robert Moskowitz wrote:
No I don't
# firewall-cmd --info-zone=libvirt
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr0
sources:
services: dhcp dhcpv6 dns ssh tftp
ports:
protocols: icmp ipv6-icmp
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
Well, connections from a QEMU guest come via the virbr0 interface
which is in the libvirt zone.
So, you'll need to add that port for ssh to work.
Thanks for leading me to the problem. I will read up on this in the
morning and get it working (I know you are half-way around the world
from me!).
I have dealt with firewall zones on 'real' firewalls. Just never really
spent the time on a host config. But until know, the host was always an
endpoint.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
