Okay, some more fiddling: If I try the second filterset from the second example from the documentation ( http://libvirt.org/formatnwfilter.html#nwfwriteexample2nd ), the resulting firewall rules make even less sense.

To quote, what it should do:

> opens only TCP ports 22 and 80 of a VM's interface
> allows the VM to send ping traffic from an interface but not let the VM be pinged on the interface
> allows the VM to do DNS lookups (UDP towards port 53)
> enable an ftp server (in active mode) to be run inside the VM

What it does:

Opens all incoming ports
Allows the VM to be pinged
Blocks all outgoing traffic (except ICMP, but I suspect that's only because ICMP filtering does not work at all, see above)
Prevents an ftp server from running in active mode

This is bullshit. How do I get the nwfilter firewall to run properly?

--
Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas@xxxxxx | +43 (0)680 301 7167
http://software.tao.at