
I've started playing with libvirt and I have a question.

What is the proper way to make a guest accessible from the net?

I have mode=nat in /var/lib/libvirt/network/default.xml.

libvirtd makes these rules in the FORWARD chain:

-A FORWARD -d -o virbr0 -m state --state RELATED,ESTABLISHED 
-A FORWARD -s -i virbr0 -j ACCEPT 
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT 
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 

If I add
iptables -I FORWARD -i eth0 -o virbr0 -j ACCEPT
guests are accessible.

My question is:
Is it possible to write this somewhere in the configuration?

I've tried to put it in /etc/sysconfig/iptables, but libvirtd puts its
rules before mine.

I've found two directories

I suppose I can write my rules here, but I haven't found any docs about
the format. Can somebody help me with it?


fedora-list mailing list