Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=533193.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2009-11-05T15:16:16+00:00 Jeremy wrote:

The default iptables rules added by libvirt preclude having any rules
set up on your system to forward traffic to a guest, as they include
putting REJECT rules into the FORWARD chain.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/0

------------------------------------------------------------------------
On 2009-11-05T17:26:50+00:00 Daniel wrote:

We need to re-arrange the way we add iptables rules to address this in a
good manner.

Currently we put them directly into the INPUT/OUTPUT/FORWARD chains,
inserting at position 0. This makes it hard for admins to put other
rules ahead of our own, since every time we start a new guest its rules
get placed ahead of custom rules.

What we need to do is to move all our rules to a custom chain.
libvirt_INPUT, libvirt_OUTPUT and libvirt_FORWARD. When libvirtd starts
up we should create those 3 chains and insert them at position 0 in the
main INPUT, OUTPUT & FORWARD chains.  When starting VMs the per-VM rules
should be in our custom chain.

This will allow admins to add their own rules to the main INPUT, OUTPUT,
FORWARD chains and guarantee they'll always be ahead of any of libvirt's
per-VM rules.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/1
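
A toy first-match model of the ordering problem and of the custom-chain layout proposed in the comment above, added here as an illustration (it is not libvirt code and not part of the imported comment). The interface name virbr0, port 80 and the two rules are constructed; only the chain name libvirt_FORWARD and the insert-at-position-0 behaviour come from the thread.

```python
# Toy model of iptables first-match traversal (constructed rules, not libvirt's real rule set).
TERMINAL = {"ACCEPT", "REJECT", "DROP"}

def verdict(chains, chain, pkt, policy="DROP"):
    """Return the first terminal target matching pkt, following jumps into custom chains."""
    def walk(name):
        for match, target in chains[name]:
            if all(pkt.get(k) == v for k, v in match.items()):
                if target in TERMINAL:
                    return target
                hit = walk(target)   # jump into a user-defined chain
                if hit:
                    return hit       # no match there: fall through (implicit RETURN)
        return None
    return walk(chain) or policy

# Assumed names: virbr0 and port 80 are illustrative, not taken from the bug report.
ADMIN_FWD = ({"out": "virbr0", "dport": 80}, "ACCEPT")  # admin's forward-to-guest rule
VM_REJECT = ({"out": "virbr0"}, "REJECT")               # stand-in for a libvirt REJECT rule

def current_layout():
    """Rules go straight into FORWARD at position 0 on every start."""
    chains = {"FORWARD": []}
    chains["FORWARD"].insert(0, VM_REJECT)   # libvirtd starts
    chains["FORWARD"].insert(0, ADMIN_FWD)   # admin puts a rule on top
    chains["FORWARD"].insert(0, VM_REJECT)   # a later start inserts at 0 again
    return chains

def proposed_layout():
    """One jump to libvirt_FORWARD at startup; later rules land only in that chain."""
    chains = {"FORWARD": [], "libvirt_FORWARD": []}
    chains["FORWARD"].insert(0, ({}, "libvirt_FORWARD"))  # libvirtd starts
    chains["libvirt_FORWARD"].insert(0, VM_REJECT)
    chains["FORWARD"].insert(0, ADMIN_FWD)                # admin puts a rule on top
    chains["libvirt_FORWARD"].insert(0, VM_REJECT)        # later start: FORWARD untouched
    return chains

# Constructed packet: a new inbound connection being forwarded to a guest web server.
PKT = {"out": "virbr0", "dport": 80}

if __name__ == "__main__":
    print("current :", verdict(current_layout(), "FORWARD", PKT))
    print("proposed:", verdict(proposed_layout(), "FORWARD", PKT))
```

In the current layout the admin's ACCEPT is shadowed as soon as another rule is inserted at position 0; in the proposed layout the admin rule keeps its place ahead of the jump, and traffic it does not match still reaches the REJECT inside libvirt_FORWARD.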

------------------------------------------------------------------------
On 2009-11-16T15:09:07+00:00 Bug wrote:


This bug appears to have been reported against 'rawhide' during the Fedora 12 
development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/2

------------------------------------------------------------------------
On 2009-11-19T10:23:40+00:00 Mark wrote:

Makes sense, moving upstream - it's been like this for a long time now,
so there's no particular point in tracking it as a Fedora bug.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/3

------------------------------------------------------------------------
On 2012-03-06T05:59:10+00:00 David wrote:

I'm confused about the status of this issue.  Does "moving upstream" mean:
A) a separate bug was submitted in another bug tracker
B) a change in product/component with this remaining the primary bug

In case of A) could we have a URL to the bug?
In case of B) what is the status, has anyone worked on this?

Could the suggestion in comment 1 be implemented in existing
installations via manual configuration and if so how should one go about
it?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/11

------------------------------------------------------------------------
On 2015-03-17T16:58:56+00:00 Ján wrote:

*** Bug 972368 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/14

------------------------------------------------------------------------
On 2016-03-20T22:50:52+00:00 Cole wrote:

AFAICT this is still relevant with latest libvirt. firewalld may help
here, but not all distros use firewalld

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/595501/comments/15


** Changed in: libvirt
       Status: Unknown => Confirmed

** Changed in: libvirt
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/595501

Title:
  iptables rules for NAT may break ufw setups

Status in libvirt:
  Confirmed
Status in libvirt package in Ubuntu:
  Invalid
Status in ufw package in Ubuntu:
  Triaged

Bug description:
  Hi there

  If one tries to use libvirt vms with a NATed network, libvirtd will
  insert iptables rules before the earliest ufw rules
  (ufw-before-forward) in the FORWARD chain, and so breaks ufw semantics.

  It would be nice if libvirt could have a special handling for the
  rules if ufw is present.

  Thanks!

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: libvirt-bin 0.7.5-5ubuntu27
  ProcVersionSignature: Ubuntu 2.6.32-22.36-server 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-22-server x86_64
  Architecture: amd64
  Date: Thu Jun 17 16:10:39 2010
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/zsh
  SourcePackage: libvirt

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/595501/+subscriptions
