Could *somebody* shed some light on how the firewall is supposed to
work? I haven't even managed to get trivial firewall rules to work. As
mentioned, the examples in the documentation generate completely
nonsensical rulesets, and if I try writing my own, they make even less
sense.

For example:
> <filter name='test-eth0' chain='root'>
>   <rule action='drop' direction='in' priority='900'>
>     <all state='NEW'/>
>   </rule>
> </filter>

Generates the following iptables rules: https://up.tao.at/u/DE7E2638.txt

...and will not filter anything.

> <filter name='test-eth0' chain='root'>
>   <rule action='accept' direction='in' priority='500'>
>     <tcp srcipaddr='192.168.17.127' dstportstart='22'/>
>   </rule>
>   <rule action='drop' direction='in' priority='900'>
>     <all/>
>   </rule>
> </filter>

Will filter port 22 as well. The generated iptables rules are as
follows: https://up.tao.at/u/423CFFE9.txt
The *input* rules have the *source* address set as *destination*. Is
this a bug in libvirt/iptables?


-- 
Mit freundlichen Grüßen, / Best Regards,
Sven SCHWEDAS
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at
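To sanity-check a filter definition like the ones quoted above before handing it to libvirt, the following small Python script (added here as an illustration; it is not part of the original post and not libvirt code) parses the nwfilter XML, orders the rules the way nwfilter instantiates them (lower priority value first, default priority 500 when the attribute is missing) and flags rules that can never match because a catch-all `<all/>` rule in the same direction precedes them. The sample filters are constructed from the second example in the post plus a deliberately mis-ordered variant; the helper names are this script's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the second filter from the post (accept ssh from one
# host, then drop everything else inbound).
FILTER_OK = """<filter name='test-eth0' chain='root'>
  <rule action='accept' direction='in' priority='500'>
    <tcp srcipaddr='192.168.17.127' dstportstart='22'/>
  </rule>
  <rule action='drop' direction='in' priority='900'>
    <all/>
  </rule>
</filter>"""

# Constructed variant: same rules, but the catch-all drop has the lower
# priority value, so nwfilter instantiates it first and the accept is dead.
FILTER_SHADOWED = """<filter name='test-eth0-bad' chain='root'>
  <rule action='accept' direction='in'>
    <tcp srcipaddr='192.168.17.127' dstportstart='22'/>
  </rule>
  <rule action='drop' direction='in' priority='100'>
    <all/>
  </rule>
</filter>"""

DEFAULT_PRIORITY = 500  # nwfilter's documented default when 'priority' is absent


def parse_filter(xml_text):
    """Return (filter name, rules) with rules in instantiation order.

    Each rule is a dict with action, direction, priority, protocol (the tag
    of the child element, e.g. 'tcp' or 'all') and match (its attributes).
    """
    root = ET.fromstring(xml_text)
    rules = []
    for rule in root.findall('rule'):
        prio = int(rule.get('priority', DEFAULT_PRIORITY))
        for proto in rule:  # a <rule> may carry several protocol elements
            rules.append({
                'action': rule.get('action'),
                'direction': rule.get('direction', 'in'),
                'priority': prio,
                'protocol': proto.tag,
                'match': dict(proto.attrib),
            })
    # Lower values are instantiated before higher ones; Python's sort is
    # stable, so document order is kept among equal priorities.
    rules.sort(key=lambda r: r['priority'])
    return root.get('name'), rules


def _directions_overlap(a, b):
    return a == b or a == 'inout' or b == 'inout'


def find_shadowed_rules(rules):
    """Return rules that follow an unconditional <all/> rule for their direction."""
    shadowed = []
    catch_all_dirs = []
    for r in rules:
        if any(_directions_overlap(r['direction'], d) for d in catch_all_dirs):
            shadowed.append(r)
            continue
        if r['protocol'] == 'all' and not r['match']:
            catch_all_dirs.append(r['direction'])
    return shadowed


def describe(xml_text):
    """Human-readable summary, one line per rule in instantiation order."""
    name, rules = parse_filter(xml_text)
    dead = find_shadowed_rules(rules)
    lines = [f"filter {name}:"]
    for r in rules:
        match = ' '.join(f"{k}={v}" for k, v in r['match'].items()) or '(any)'
        flag = '  <-- unreachable' if r in dead else ''
        lines.append(f"  [{r['priority']:>5}] {r['direction']:<5} {r['action']:<6} "
                     f"{r['protocol']:<4} {match}{flag}")
    return '\n'.join(lines)


if __name__ == '__main__':
    print(describe(FILTER_OK))
    print(describe(FILTER_SHADOWED))
```

In the post's own ordering (accept at 500, drop at 900) nothing is flagged, so rule ordering is not what makes port 22 unreachable there; the script only rules out that class of mistake and leaves the address-direction question to the list.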


_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users