You nailed it - 1.6 on CentOS 6. I'm stuck with the OS, so it looks like I'll have to build a new package. Any dependency changes I should be aware of?

- Dan

Laine Stump <[email protected]> wrote:

>On 09/08/2011 03:42 PM, Dan Krause wrote:
>> I know this is the -devel mailing list, but I can find no other way of
>> contacting netcf developers or users.
>>
>> Every time I use netcf, it makes a change to my iptables config, by
>> adding the following line:
>>
>> -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
>>
>> This is a pretty fundamental change to my iptables configuration - it
>> causes every packet destined for a bridged interface to pass through,
>> which breaks my existing firewall config. This causes traffic to make it
>> through to the bridges that I was formerly restricting. Every time I
>> comment it out, it gets added. Nothing I do seems to stop this tool from
>> breaking my iptables every time I use it. Browsing the source seems to
>> indicate that if bridged traffic is passed through iptables, netcf will
>> purposely alter my firewall config during the netcf init stage. Every
>> time.
>>
>> How can this be corrected, so I can retain control of my firewall
>> configuration while using this tool to configure network bridges via
>> libvirt?
>
>We came to the same conclusion as you some time ago, and removed the
>code that examines/modifies iptables config prior to the release of
>version 0.1.7 (which happened nearly a year ago - Sept 24, 2010).
>
>So, you must be using netcf 0.1.6 or earlier. What is the source of your
>binary? I assume it's either RHEL 6.0 or CentOS 6.0. If the former, I
>believe an update to RHEL 6.1 would get you to 0.1.7; if CentOS, I'm
>unfamiliar with their current update status, but couldn't find a newer
>version in their yum repo, so I'm guessing that for now the solution for
>CentOS would be to build from source.

_______________________________________________
netcf-devel mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/netcf-devel
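An added check, not part of the original thread or of netcf: this Python sketch parses `iptables-save` output, looks in the filter table's FORWARD chain for the exact rule quoted above, and lists the later FORWARD rules that bridged packets no longer reach because the ACCEPT fires first. The sample dump and the function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save output (not taken from the thread).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -i br0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i br0 -j DROP
COMMIT
"""

# The rule quoted in the thread, tokenized without its "-I FORWARD" prefix.
BLANKET = ["-m", "physdev", "--physdev-is-bridged", "-j", "ACCEPT"]

def forward_rules(dump):
    """Return filter/FORWARD rules in evaluation order, as token lists."""
    table, rules = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("["):            # counters from `iptables-save -c`
            line = line.split("] ", 1)[-1]
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith("-A FORWARD "):
            rules.append(shlex.split(line)[2:])
    return rules

def audit(dump):
    """Return (position, shadowed) for the blanket rule, or (None, [])."""
    rules = forward_rules(dump)
    for pos, tokens in enumerate(rules, 1):
        if tokens == BLANKET:               # exact match: no extra conditions
            # Rules after an unconditional ACCEPT never see bridged packets.
            return pos, [" ".join(t) for t in rules[pos:]]
    return None, []

if __name__ == "__main__":
    pos, shadowed = audit(SAMPLE)
    if pos is None:
        print("blanket bridged-ACCEPT rule not present")
    else:
        print(f"blanket bridged-ACCEPT at FORWARD position {pos}; bypassed:")
        for rule in shadowed:
            print("  " + rule)
```

Feeding it the live ruleset (`iptables-save` as root) before and after a netcf run shows whether the rule has been re-added and which restrictions it pre-empts.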
