Hello,
I was wondering if anybody could tell me how to set up firewalld together with KVM.
For example, a Fedora 20 host running a CentOS 6.5 guest. The guest is using bridge0, which is connected to eth0.
What devices do I need to add to which zone? Do the virtual devices like vnet1 and vnet2 need to be added to a zone?
I keep running into walls here (firewalls, to be precise); the only thing I can find on this subject is 'switch back to iptables'. But I would like to know how to fix this with firewalld.
Anybody who has any ideas on this?
Cheers, Rob
After spending a serious amount of time on Google, this line fixed it for me. Now firewalld no longer blocks the DHCP requests that come from the KVM guest.
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
There is no mention of this in the manpage of firewall-cmd (or the one for iptables), nor on the firewalld website. https://fedoraproject.org/wiki/FirewallD
I think a mention of the case 'how to configure firewalld on a KVM host' would get some credits from a few people.
Rob
2014-09-29 8:00 GMT+02:00 Rob Verduijn rob.verduijn@gmail.com:
> Hello,
> I was wondering if anybody could tell me how to set up firewalld together with KVM.
> For example, a Fedora 20 host running a CentOS 6.5 guest. The guest is using bridge0, which is connected to eth0.
> What devices do I need to add to which zone? Do the virtual devices like vnet1 and vnet2 need to be added to a zone?
> I keep running into walls here (firewalls, to be precise); the only thing I can find on this subject is 'switch back to iptables'. But I would like to know how to fix this with firewalld.
> Anybody who has any ideas on this?
> Cheers, Rob
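An added example, not part of the original posts and not firewalld's own code: the passthrough rule in the message above accepts every bridged frame in FORWARD, so this script reads rules in the `<ipv> <args>` form that `firewall-cmd --permanent --direct --get-all-passthroughs` prints and marks each bridged ACCEPT rule as BROAD or SCOPED. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify firewalld direct passthrough rules that accept
# bridged traffic in FORWARD. Assumed input: one rule per line in the form
# "<ipv> <iptables args>", as printed by
#   firewall-cmd --permanent --direct --get-all-passthroughs

# Prints "BROAD <rule>" for an accept-everything bridged rule (like the one
# in the thread) and "SCOPED <rule>" when extra matches narrow it.
classify_bridge_rules() {
    while IFS= read -r rule; do
        case " $rule " in
            *" FORWARD "*"--physdev-is-bridged"*" -j ACCEPT "*) ;;
            *) continue ;;   # not a bridged ACCEPT in FORWARD
        esac
        scope=BROAD
        for word in $rule; do
            case "$word" in
                -p|--protocol|-s|--source|-d|--destination) scope=SCOPED ;;
                --physdev-in|--physdev-out|--dport|--sport) scope=SCOPED ;;
            esac
        done
        printf '%s %s\n' "$scope" "$rule"
    done
}

# Number of BROAD rules on stdin. Nonzero means bridged frames that reach
# the FORWARD chain are accepted without any further match.
count_broad() {
    classify_bridge_rules | grep -c '^BROAD ' || true
}

# Constructed sample input (not captured from a real host). Line 1 is the
# rule from the thread; line 2 is a hypothetical narrower variant used only
# to exercise the classifier; line 3 is an unrelated rule.
sample_rules() {
    cat <<'EOF'
ipv4 -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
ipv4 -I FORWARD -m physdev --physdev-is-bridged -p udp --dport 67:68 -j ACCEPT
ipv4 -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | classify_bridge_rules
```

On a live host, pipe the real `firewall-cmd` output into `classify_bridge_rules` in place of `sample_rules`.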
I poked around some more on Google and this link seems to explain it all. https://www.happyassassin.net/2014/07/23/bridged-networking-for-libvirt-with...
Rob
firewalld-users@lists.fedorahosted.org