[virt-tools-list] virt-manager - iptables / firewall rules

Cole Robinson crobinso at redhat.com
Thu Feb 11 18:40:59 UTC 2010


On 02/11/2010 01:21 PM, Stefan Bauer wrote:
> Cole Robinson schrieb:
>> On 02/11/2010 09:24 AM, Stefan Bauer wrote:
>>> Hi,
>>>
>>> it seems that by default some iptables rules get generated[1]. Which
>>> daemon/script is creating these rules? As I want to maintain the
>>> complete iptables ruleset on my own, how can I get rid of these
>>> automatic rules?
>>>
>>
>> iptables rules are added by libvirt virtual networking. You can remove
>> the default network using
>>
>> virsh net-destroy default; virsh net-undefine default
> 
> Cole,
> 
> thank you for your time.
> 
> # virsh net-destroy default; virsh net-undefine default
> error: Failed to destroy network default
> error: internal error network is not active
> 
> Network default has been undefined
> 
> Unfortunately, if I now try to start a virtual machine, I instantly
> get:
> 
> Error starting domain: internal error Network 'default' not found
> 
> I'm not impressed by that error message - I expected that, after
> deleting the network profile, the machine would complain about it.
>

Sorry, I did not realize you had created virtual machines that were
actually using the default network. If you don't want libvirt messing
with iptables, you basically can't use virtual networking and will need
to use a network bridge instead.

You can set up a network bridge with the steps here:

http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29

And then attach the bridge-based network to your guest using
virt-manager: Details -> Add Hardware -> Network -> Shared physical device

If you want the default network back, use 'virsh net-define default.xml'
where default.xml is the file found here:

http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/network/default.xml;h=9cfc01ed78047f47f9e3c3bd1cc0951057b242bf;hb=HEAD

- Cole
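As an added illustration that is not part of this thread, the distinction Cole draws above (libvirt virtual networks such as the NAT default network program iptables, a bridge-mode network attached to an existing host bridge does not) can be checked from the network XML itself. The sample XML, the network name host-bridge and the bridge name br0 are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Forward modes for which libvirt creates its own bridge and programs iptables:
# nat and route get FORWARD/POSTROUTING rules, and an isolated network (no
# <forward> element at all) gets rules that block forwarding off its bridge.
RULE_ADDING_MODES = {"nat", "route", None}
# Modes that only connect guests to a pre-existing host bridge or device and
# leave the host firewall alone; "open" is libvirt's explicit no-rules mode.
NO_RULE_MODES = {"bridge", "open", "private", "vepa", "passthrough", "hostdev"}

# Constructed sample mirroring the shape of libvirt's stock default.xml.
DEFAULT_XML = """<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <forward mode="nat"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp><range start="192.168.122.2" end="192.168.122.254"/></dhcp>
  </ip>
</network>"""


def classify_network(xml_text):
    """Return (network name, forward mode or None, touches_iptables)."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name")
    forward = root.find("forward")
    # libvirt treats a <forward/> element without a mode attribute as nat.
    mode = forward.get("mode", "nat") if forward is not None else None
    if mode in RULE_ADDING_MODES:
        return name, mode, True
    if mode in NO_RULE_MODES:
        return name, mode, False
    raise ValueError("unknown forward mode: %r" % mode)


def bridge_network_xml(name, host_bridge):
    """Build a libvirt network definition that attaches guests to an existing
    host bridge (e.g. br0 set up per the wiki steps) without iptables rules."""
    net = ET.Element("network")
    ET.SubElement(net, "name").text = name
    ET.SubElement(net, "forward", mode="bridge")
    ET.SubElement(net, "bridge", name=host_bridge)
    return ET.tostring(net, encoding="unicode")


if __name__ == "__main__":
    print(classify_network(DEFAULT_XML))
    print(bridge_network_xml("host-bridge", "br0"))
```

The generated definition can be loaded with `virsh net-define` and the guest then attached to it instead of to the default network.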
