[libvirt-users] The firewall just doesn't make any sense

Sven Schwedas sven.schwedas at tao.at
Wed Jul 10 09:34:22 UTC 2013


Okay, some more fiddling:

If I try the second filterset from the second example from the
documentation (
http://libvirt.org/formatnwfilter.html#nwfwriteexample2nd
), the resulting firewall rules make even less sense.

To quote, what it should do:
> opens only TCP ports 22 and 80 of a VM's interface
> allows the VM to send ping traffic from an interface but not let the VM be pinged on the interface
> allows the VM to do DNS lookups (UDP towards port 53)
> enable an ftp server (in active mode) to be run inside the VM

What it does:
Opens all incoming ports
Allows the VM to be pinged
Blocks all outgoing traffic (except ICMP, but I suspect that's only
because ICMP filtering does not work at all, see above)
Prevents an ftp server from running in active mode

This is bullshit. How do I get the nwfilter firewall to run properly?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven SCHWEDAS
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
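As an added illustration, not part of Sven's message and not libvirt's own code: a small Python evaluator that applies first-match semantics to an nwfilter-style ruleset written from the four quoted goals (TCP 22 and 80 reachable, VM may ping out but not be pinged, UDP/53 out, active-mode FTP server). It states what the filter should do per packet, so the expected verdicts can be compared with what the generated host rules actually do. The filter XML is constructed here from the stated goals rather than copied from the documentation; the evaluator assumes rules are applied in ascending priority (default 500, document order on ties), assumes traffic matching no rule passes (which is why the filter ends with an explicit drop-all rule), and does not model conntrack handling of reply packets.

```python
"""Added example (not libvirt code): first-match evaluation of an
nwfilter-style ruleset, giving the expected verdict per packet before
comparing against the iptables/ebtables rules libvirt actually generated.
"""
import xml.etree.ElementTree as ET

# Constructed from the four quoted goals; an approximation of the
# documentation's second example, not a copy of it.
FILTER_XML = """\
<filter name='test-eth0'>
  <!-- FTP control channel: clients connect to port 21 -->
  <rule action='accept' direction='in'>
    <tcp dstportstart='21'/>
  </rule>
  <!-- Active-mode FTP data: the server opens a connection from port 20 -->
  <rule action='accept' direction='out'>
    <tcp srcportstart='20' state='RELATED,ESTABLISHED'/>
  </rule>
  <rule action='accept' direction='in'>
    <tcp dstportstart='20' state='ESTABLISHED'/>
  </rule>
  <rule action='accept' direction='in'>
    <tcp dstportstart='22'/>
  </rule>
  <rule action='accept' direction='in'>
    <tcp dstportstart='80'/>
  </rule>
  <!-- VM may initiate ICMP (ping out); nothing accepts inbound ICMP -->
  <rule action='accept' direction='out'>
    <icmp state='NEW'/>
  </rule>
  <rule action='accept' direction='out'>
    <udp dstportstart='53'/>
  </rule>
  <!-- Everything else, both directions -->
  <rule action='drop' direction='inout'>
    <all/>
  </rule>
</filter>
"""

PROTOCOLS = ("tcp", "udp", "icmp", "all")
DEFAULT_PRIORITY = 500  # assumption: libvirt's default rule priority


def load_rules(xml_text):
    """Parse <rule> elements and order them as assumed for evaluation:
    ascending priority, document order breaking ties."""
    root = ET.fromstring(xml_text)
    rules = []
    for idx, rule in enumerate(root.findall("rule")):
        match = next(child for child in rule if child.tag in PROTOCOLS)
        rules.append({
            "order": (int(rule.get("priority", DEFAULT_PRIORITY)), idx),
            "action": rule.get("action"),
            "direction": rule.get("direction"),
            "proto": match.tag,
            "srcport": match.get("srcportstart"),
            "dstport": match.get("dstportstart"),
            "states": set(match.get("state", "").split(",")) - {""},
        })
    return sorted(rules, key=lambda r: r["order"])


def matches(rule, pkt):
    """A packet is a dict: direction, proto, optional srcport/dstport,
    optional conntrack state (a packet without one is treated as NEW)."""
    if rule["direction"] not in ("inout", pkt["direction"]):
        return False
    if rule["proto"] not in ("all", pkt["proto"]):
        return False
    if rule["srcport"] and int(rule["srcport"]) != pkt.get("srcport"):
        return False
    if rule["dstport"] and int(rule["dstport"]) != pkt.get("dstport"):
        return False
    if rule["states"] and pkt.get("state", "NEW") not in rule["states"]:
        return False
    return True


def verdict(rules, pkt):
    """Action of the first matching rule; unmatched traffic passes."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"


# Constructed sample packets, one per symptom a practitioner would probe.
SAMPLE_PACKETS = {
    "in tcp/22": {"direction": "in", "proto": "tcp", "dstport": 22},
    "in tcp/80": {"direction": "in", "proto": "tcp", "dstport": 80},
    "in tcp/443": {"direction": "in", "proto": "tcp", "dstport": 443},
    "in icmp (VM pinged)": {"direction": "in", "proto": "icmp"},
    "out icmp (VM pings)": {"direction": "out", "proto": "icmp"},
    "out udp/53": {"direction": "out", "proto": "udp", "dstport": 53},
    "out udp/123": {"direction": "out", "proto": "udp", "dstport": 123},
    "in tcp/21 (FTP control)": {"direction": "in", "proto": "tcp", "dstport": 21},
    "out tcp from 20, established": {"direction": "out", "proto": "tcp",
                                     "srcport": 20, "state": "ESTABLISHED"},
    "out tcp from 20, new": {"direction": "out", "proto": "tcp", "srcport": 20},
}


def expected_verdicts(xml_text=FILTER_XML, packets=SAMPLE_PACKETS):
    """Map each sample packet name to the filter's expected action."""
    rules = load_rules(xml_text)
    return {name: verdict(rules, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, action in expected_verdicts().items():
        print(f"{name:32} {action}")
```

On the host, the verdicts above are what to hold against the chains libvirt installed for the interface, as shown by `iptables -L -n -v` and `ebtables -t nat -L`, and against the filter as libvirt stored it (`virsh nwfilter-dumpxml <name>`); a mismatch between this table and the observed behaviour points at rule generation or ordering rather than at the filter definition.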
