[Libvir] Virtual network iptables rules
Richard W.M. Jones
rjones at redhat.com
Thu Apr 5 11:00:11 UTC 2007
Daniel P. Berrange wrote:
>>> Chain INPUT (policy ACCEPT 76724 packets, 366M bytes)
>>> pkts bytes target prot opt in out source destination
>>> 0 0 ACCEPT udp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
>>> 0 0 ACCEPT tcp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
>>> 0 0 ACCEPT udp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
>>> 0 0 ACCEPT tcp -- vnet2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
>> So we have ACCEPT rules on a chain whose default policy is ACCEPT? Is
>> there a later catch-all REJECT rule which I'm not seeing?
>
> Basically assume the policy of the chain could be anything. I just happened
> to have it as ACCEPT, but the user may well have other rules added by the
> OS tools (eg system-config-securitylevel) which would otherwise block our
> traffic. So in coming up with the rules I tried to be as explicit as possible
> about what to ACCEPT/REJECT.
Understood. The rules seem fine in that case.
Rich.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
Registered in England and Wales under Company Registration No. 3798903
Directors: Michael Cunningham (USA), Charlie Peters (USA) and David
Owens (Ireland)
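The point of the exchange above is that the explicit ACCEPT rules must be present for DNS (53) and DHCP (67) on the guest-facing interface whatever the chain's default policy happens to be, because other tools may add blocking rules. The following Python script is an added example, not code from the thread or from libvirt: it parses an `iptables -L INPUT -n -v` listing and reports which of the four expected ACCEPT rules are missing for a given interface, together with the chain's policy. The listing embedded in it is constructed from the output quoted in the thread, with the `tcp dpt:67` rule deliberately left out so the check has something to report; the interface name `vnet2` is taken from that output.

```python
"""Audit an `iptables -L INPUT -n -v` listing for the explicit ACCEPT rules a
libvirt virtual network needs on its bridge interface: DNS (53) and DHCP (67),
both UDP and TCP. The check is independent of the chain's default policy,
which is reported alongside the result.
"""
import re

# (protocol, destination port) pairs that must have an ACCEPT rule for the interface.
REQUIRED = {("udp", 53), ("tcp", 53), ("udp", 67), ("tcp", 67)}

# Constructed sample listing based on the thread's quoted output; the
# `tcp dpt:67` rule is intentionally omitted so the audit reports it.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 76724 packets, 366M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     tcp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
"""

# "Chain INPUT (policy ACCEPT ...)" header line.
POLICY_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")
# One rule line in `-n -v` format: pkts bytes target prot opt in out source destination [extra].
RULE_RE = re.compile(
    r"^\s*\d+\s+\S+\s+(?P<target>\S+)\s+(?P<proto>\S+)\s+\S+\s+(?P<in>\S+)\s+"
    r"(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)(?P<extra>.*)$"
)
DPT_RE = re.compile(r"dpt:(\d+)")


def parse_listing(text):
    """Return (chain_name, policy, rules); each rule is a dict of parsed columns."""
    chain, policy, rules = None, None, []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            chain, policy = m.group(1), m.group(2)
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # column header or blank line
        rule = m.groupdict()
        d = DPT_RE.search(rule["extra"])
        rule["dport"] = int(d.group(1)) if d else None
        rules.append(rule)
    return chain, policy, rules


def missing_accepts(text, iface):
    """Return the sorted (proto, port) pairs from REQUIRED with no ACCEPT rule on iface."""
    _, _, rules = parse_listing(text)
    present = {(r["proto"], r["dport"]) for r in rules
               if r["target"] == "ACCEPT" and r["in"] == iface}
    return sorted(REQUIRED - present)


def audit(text, iface):
    """Summarise chain, default policy and any missing explicit ACCEPT rules."""
    chain, policy, _ = parse_listing(text)
    missing = missing_accepts(text, iface)
    return {"chain": chain, "policy": policy, "missing": missing, "ok": not missing}


if __name__ == "__main__":
    # On a real host, feed in the output of: iptables -L INPUT -n -v
    print(audit(SAMPLE_LISTING, "vnet2"))
```

Because the audit looks only for the explicit rules and not at the policy, it gives the same verdict on a chain whose policy is DROP or REJECT, which is exactly the situation the thread is guarding against.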