Re: firewalld v. libvirtd
On Mon, 2013-01-28 at 10:34 +, Jorge Martínez López wrote: Hi Rob: 2013/1/28 Robert Locke li...@ralii.com I would like to associate the virbr0 interface, created by libvirtd, to be considered part of the internal zone, since I trust my own VMs talking to the host. But, what is the supportable method for accomplishing this? There is no ifcfg- where I could put the firewall zone firewall-cmd [--zone=zone] --add-interface=interface from https://fedoraproject.org/wiki/FirewallD#Generic_use Thanks Jorge for this idea But, what I really could use is a persistent solution. I had already found the above documentation, but with each reboot I need to run it again (And, I know I could add it to rc.local, if that still exists, but I want a supported method). And --permanent doesn't seem to work yet for --add-interface but did cover my one service I needed to add to the internal zone. Normally, there is a ZONE= that can be added to the ifcfg- files, but virbr0 doesn't have one of those, or, at least not where I have been able to find it This is why I think there is some enhancement to libvirtd with regard to firewalld that perhaps needs to be created, or I'm overlooking something? --Rob -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewalld v. libvirtd
Hi Rob: 2013/1/28 Robert Locke li...@ralii.com I would like to associate the virbr0 interface, created by libvirtd, to be considered part of the internal zone, since I trust my own VMs talking to the host. But, what is the supportable method for accomplishing this? There is no ifcfg- where I could put the firewall zone firewall-cmd [--zone=zone] --add-interface=interface from https://fedoraproject.org/wiki/FirewallD#Generic_use Greetings, -- Jorge Martínez López jorg...@gmail.com http://www.jorgeml.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
firewalld v. libvirtd
Just took the leap in to Fedora 18 from 17. In Fedora 17, I simply added a custom rule in the old system-config-firewall to point to a file that had a trust of the libvirt based virbr0 interface. The new system-config-firewall has me a bit confused I would like to keep the new firewalld and it's initial presumption that my em1 and wlan0 interfaces are in the public zone generally not allowing unsolicited inbound activity. This appears to be the default OOBE. I would like to associate the virbr0 interface, created by libvirtd, to be considered part of the internal zone, since I trust my own VMs talking to the host. But, what is the supportable method for accomplishing this? There is no ifcfg- where I could put the firewall zone Thanks in advance, --Rob -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org