Hi,

* Mark McLoughlin <[email protected]> [2009-10-29 13:47]:
> On Thu, 2009-10-29 at 13:25 -0400, Andrew Overholt wrote:
> > # sysctl net.bridge.bridge-nf-call-iptables
> > net.bridge.bridge-nf-call-iptables = 1
>
> This is supposed to be zero by default in F-12:
>
> https://bugzilla.redhat.com/512206

I've commented.

> > # iptables -L -v -n
> > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> >  pkts bytes target prot opt in out source destination
> >  2129K 2744M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> >  3 1070 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> >  7 420 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> >  0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
> >  2669 335K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Looks like iptables is missing the rules libvirt starts; a 'service
> libvirtd reload' should load them again, but you say you've tried that?

Yeah, that didn't seem to do anything. I re-tried it and re-started my
guests but nothing changed.

> Does 'virsh net-destroy default' and 'virsh net-start default' followed
> by a restart of the guests help?

Yes, that fixes it. Is there a bug I should file?

TVM,

Andrew
