Re: F-11 libvirt no longer creating firewall/iptables rules for virtual network?
2009/6/24 Patrick Mansfield:
> It happens for me ... when I didn't really want it. But I figured out I
> just need to allow samba ports in my general firewall rules, then the
> libvirt additions should just work (right now I'm just running "iptables
> -I INPUT -i virbr0 -j ACCEPT" after libvirt is running).
>
> What is iptables showing?
>
> I see virbr0 in mine and more.

hm, odd. Wonder what is different about my config. I'm just using a
very simple firewall setup with only ssh loaded. After the libvirtd
service is started, I see no mention of virbr0 in iptables output:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and yet ifconfig shows the virbr0 bridge has been created successfully.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: F-11 libvirt no longer creating firewall/iptables rules for virtual network?
On Wed, Jun 24, 2009 at 06:19:00PM +0100, Jonathan Underwood wrote:
> Hi,
>
> I am not sure if I'm bumping into a bug, but on a new F-11 install I
> no longer see libvirt/virt-manager creating iptables rules for virtual
> machines - does anyone else see this?

It happens for me ... when I didn't really want it. But I figured out I
just need to allow samba ports in my general firewall rules, then the
libvirt additions should just work (right now I'm just running "iptables
-I INPUT -i virbr0 -j ACCEPT" after libvirt is running).

What is iptables showing?

I see virbr0 in mine and more.

-- Patrick Mansfield