On 08/21/2015 08:50 PM, Patrick Hinkley wrote:
I believe I've found an explanation regarding the VM issue you mention: http://www.atrixnet.com/red-hat-libvirt-kvm-iptables-what-to-do-when-your-kv...
If I understand correctly, the issue is that temporary rules inserted into iptables by other applications are lost when any of the following are called: service iptables stop; service iptables start; service iptables restart; iptables-restore < /etc/sysconfig/iptables;
This issue would not apply when inserting your own temporary rules with commands such as: iptables -A
Yes, that is correct.
The issue would also not apply when making your temporary rules permanent via: service iptables save
Is my understanding correct?
With service iptables save you are also saving the rules of the other services, which could collide with new rules if the configuration of the service changes and other rules need to be added instead.
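
The following is an added example, not part of the original thread: a shell sketch that lists the rules present in the running ruleset but absent from the saved file, which are the rules a restart or iptables-restore would drop and that service iptables save would persist. The function names and both sample rulesets are constructed for illustration; the input is assumed to be in iptables-save format.

```shell
#!/bin/sh
# Added example; sample rulesets below are constructed, in iptables-save format.

# Print "table: rule" for every -A line, dropping any [pkts:bytes] counters.
normalize_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }
        /^-A / { print table ": " $0 }
    ' "$1" | LC_ALL=C sort -u
}

# $1 = saved rules file, $2 = dump of the running ruleset.
# Output: rules that exist only at runtime.
runtime_only_rules() {
    tmp=$(mktemp -d) || return 1
    normalize_rules "$1" > "$tmp/saved"
    normalize_rules "$2" > "$tmp/running"
    LC_ALL=C comm -13 "$tmp/saved" "$tmp/running"
    rm -rf "$tmp"
}

# Constructed sample: what the saved file might contain.
write_sample_saved() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: running ruleset after another service inserted rules.
write_sample_running() {
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
[12:720] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
[0:0] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
[90:7000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[5:300] -A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

On a real host the first argument would be /etc/sysconfig/iptables and the second a file written by iptables-save. Reviewing the output before running service iptables save shows which rules belonging to other services would end up in the saved file.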