On Sun, Nov 17, 2019 at 11:28 PM Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Sun, 2019-11-17 at 21:03 +0100, Tom H wrote:
On Sun, Nov 17, 2019 at 10:14 AM Ed Greshko ed.greshko@greshko.com wrote:
Of course. Note that virbr0 was already in the libvirt zone. I didn't add it explicitly as far as I can recall. In fact I did notice that whenever a VM started up (via virt-manager) I got a popup from the firewall applet to say that virbr0 was in the libvirt zone, but the applet itself always incorrectly showed virbr0 in my default zone (home) as Ed has already mentioned.
Comment from the libvirt source
/* if firewalld is active, try to set the "libvirt" zone. This is
 * desirable (for consistency) if firewalld is using the iptables
 * backend, but is necessary (for basic network connectivity) if
 * firewalld is using the nftables backend
 */
So it's an nftables requirement.
I've never heard of nftables. I assumed that iptables was the backend.
iptables is still the firewalld backend in Fedora.