I want to use NAT forwarding to forward some ports on my kvm host to my guests. There is a rule that libvirt is creating that rejects this traffic, and it gets recreated every time the network is updated.

    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable

My FORWARD policy is set to DROP, so I'd like to just remove this rule, but I don't understand where it's coming from.

I'm using kvm/qemu/libvirt on a RedHat 7.5 host.

It's not clear to me whether anything is using any of the nwfilter rules. I haven't added any, and I don't see any referenced in any of my domain xml dumps or the network xml dump.

Can I get libvirt to stop adding this rule, or even any firewall rules and I'll do it myself?

Thanks.

John Ratliff | Pervasive Technology Institute | UITS | Research Storage - Indiana University | http://pti.iu.edu/
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list