[virt-tools-list] iptables rules created by libvirt
Ratliff, John
jdratlif at iu.edu
Thu May 3 00:51:06 UTC 2018

I want to use NAT forwarding to forward some ports on my kvm host to my
guests. There is a rule that libvirt is creating that rejects this traffic,
and it gets recreated every time the network is updated.

-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable

My FORWARD policy is set to DROP, so I'd like to just remove this rule, but
I don't understand where it's coming from.

I'm using kvm/qemu/libvirt on a RedHat 7.5 host.

It's not clear to me whether anything is using any of the nwfilter rules. I
haven't added any, and I don't see any referenced in any of my domain xml
dumps or the network xml dump.

Can I get libvirt to stop adding this rule, or even any firewall rules and
I'll do it myself?

Thanks.

John Ratliff | Pervasive Technology Institute | UITS | Research Storage -
Indiana University | http://pti.iu.edu/