On Mon, Jul 15, 2013 at 12:52:20PM +0200, Sven Schwedas wrote:
> Could *somebody* shed some light on how the firewall is supposed to
> work? I haven't even managed to get trivial firewall rules to work. As
> mentioned, the examples in the documentation generate completely
> nonsensical rulesets, and if I try writing my own, they make even less
> sense.
>
> For example:
> > <filter name='test-eth0' chain='root'>
> >   <rule action='drop' direction='in' priority='900'>
> >     <all state='NEW'/>
> >   </rule>
> > </filter>
>
> Generates the following iptables rules: https://up.tao.at/u/DE7E2638.txt
>
> ...and will not filter anything.

NB 95% of the rules libvirt creates are done at the ebtables level
rather than iptables/ip6tables.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|