[ILUG] libvirtd NAT iptable rules on fedora
Mark McLoughlin
markmc at redhat.com
Wed Nov 17 13:32:19 GMT 2010
On Wed, 2010-11-17 at 11:26 +0000, Bailey, Darragh wrote:
> > -----Original Message-----
> > From: Mark McLoughlin [mailto:markmc at redhat.com]
> > Sent: 16 November 2010 20:19
> > To: Bailey, Darragh
> > Cc: ilug at linux.ie
> > Subject: Re: [ILUG] libvirtd NAT iptable rules on fedora
> >
> > Hi Darragh,
> >
>
> <snip>
> > Yeah, the issue is that iptables has no mechanism by which libvirt can
> > register its rules without overwriting user's custom rules.
>
> Fedora 13 seems to have some hooks in place using
> system-config-firewall, that allows specifying of custom rule files to
> be included in the final iptables output. Avoids the need to go to a
> pure hand crafted iptables file, and still be able to use the system
> tools without risk of undoing the custom user rules. Took me a while
> to figure out how to use it properly, it's not well advertised, but
> I'm surprised that libvirtd doesn't take advantage of it. Perhaps it's
> just a question of time.
Yeah, we tried that. I forgot to quote the bz:
https://bugzilla.redhat.com/227011
Problem with using lokkit --custom-rules is that it overrides any rules
that an admin might have manually added (i.e. without using lokkit)
to /etc/sysconfig/iptables
Cheers,
Mark.
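The check an admin would want in the situation the thread describes, as an added example that is not part of the original message: a POSIX sh script that lists which hand-added rules in the current /etc/sysconfig/iptables would disappear if the file were regenerated by a firewall tool. The file names and every rule in the two sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): report rules present in the hand-edited
# iptables file but absent from a regenerated one. Both inputs are in
# iptables-save format. Paths and rule contents below are constructed.

# Emit "<table> -A ..." for every rule, whitespace normalised, sorted and unique,
# so the same rule in different tables is not confused.
rule_lines() {
    awk '/^\*/ {table=$1} /^-A / {$1=$1; print table, $0}' "$1" | sort -u
}

# Print rules in the current file ($1) missing from the regenerated file ($2).
# Returns 0 when nothing would be lost, 1 otherwise.
lost_rules() {
    cur=$(mktemp) && new=$(mktemp) || return 2
    rule_lines "$1" > "$cur"
    rule_lines "$2" > "$new"
    comm -23 "$cur" "$new"
    n=$(comm -23 "$cur" "$new" | wc -l | tr -d ' ')
    rm -f "$cur" "$new"
    [ "$n" -eq 0 ]
}

# Constructed sample: the admin's file carries a hand-added ssh rule for a
# management net; the regenerated file has only the tool's own NAT rules
# (with slightly different spacing, which the normalisation absorbs).
demo_dir=$(mktemp -d)
cat > "$demo_dir/iptables.current" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -i virbr0 -p udp --dport 53 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
EOF
cat > "$demo_dir/iptables.regenerated" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp --dport 53 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.122.0/24  ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
EOF

if lost_rules "$demo_dir/iptables.current" "$demo_dir/iptables.regenerated"; then
    echo "no hand-added rules would be lost"
else
    echo "WARNING: the rules listed above would be lost by regenerating the file" >&2
fi
```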