On 15.07.2013 12:57, Daniel P. Berrange wrote:
> On Mon, Jul 15, 2013 at 12:52:20PM +0200, Sven Schwedas wrote:
>> Could *somebody* shed some light on how the firewall is supposed to
>> work? I haven't even managed to get trivial firewall rules to work. As
>> mentioned, the examples in the documentation generate completely
>> nonsensical rulesets, and if I try writing my own, they make even less
>> sense.
>>
>> For example:
>>> <filter name='test-eth0' chain='root'>
>>>   <rule action='drop' direction='in' priority='900'>
>>>     <all state='NEW'/>
>>>   </rule>
>>> </filter>
>>
>> Generates the following iptables rules: https://up.tao.at/u/DE7E2638.txt
>>
>> ...and will not filter anything.
>
> NB 95% of the rules libvirt creates are done at the ebtables
> level rather than iptables/ip6tables.

Said filter set did not generate any ebtables entries. Complete output
for ip- and ebtables: https://up.tao.at/u/17C4B040.txt

>
> Daniel
>

--
Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas@xxxxxx | +43 (0)680 301 7167
http://software.tao.at
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users