Hi there,

I have been testing the Network Filter [1] feature of libvirt with KVM on 
RHEL-5.6 and RHEL-6. On RHEL-5.6, it works well, except that the $IP variable is 
not supported, so the clean-filter cannot be used.

The major problem I found on RHEL-6 is that the iptables rules introduced by 
nwfilter do not prevent any traffic. The problem is that all traffic going to 
the VM virtual NIC interface goes through the INPUT chain of iptables 
instead of the supposed-to-be FORWARD chain (this is what the nwfilter rules 
are working on), so none of the rules have any effect.

I am not sure whether this is a libvirt problem or an iptables problem. But it 
seems to me that, going from RHEL-5.6 to RHEL-6, the network traffic works 
differently.

Has anyone had a similar experience? Any suggestions or comments are welcome.

Thank you very much.
Shi

[1] http://libvirt.org/formatnwfilter.html
--
Shi Jin, PhD


      

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
