Re: [libvirt] [PATCH] network: explicitly allow icmp/icmpv6 in libvirt zonefile

On Thu, Feb 14, 2019 at 02:46:22PM -0500, Laine Stump wrote: > The libvirt zonefile for firewalld (added in commit 3b71f2e4) does the > following: > > 1) lists specific services it wants to allow, then > > 2) uses a lower priority rule to block all other services to >the host, and then

Re: [libvirt] [PATCH] network: explicitly allow icmp/icmpv6 in libvirt zonefile

On Thu, Feb 14, 2019 at 02:46:22PM -0500, Laine Stump wrote: > The libvirt zonefile for firewalld (added in commit 3b71f2e4) does the > following: > > 1) lists specific services it wants to allow, then > > 2) uses a lower priority rule to block all other services to >the host, and then

[libvirt] [PATCH] network: explicitly allow icmp/icmpv6 in libvirt zonefile

The libvirt zonefile for firewalld (added in commit 3b71f2e4) does the following: 1) lists specific services it wants to allow, then 2) uses a lower priority rule to block all other services to the host, and then finally, 3) relies on the zone's default "accept" policy to, accept all