Firewall

Richard W.M. Jones rjones at redhat.com
Wed Dec 8 09:37:59 UTC 2010


On Wed, Dec 08, 2010 at 03:53:34AM +0100, Matej Cepl wrote:
> On 7.12.2010 22:30, Richard W.M. Jones wrote:
> > The issue we face with libvirt is it needs to be able to add extra
> > rules to the existing firewall, and have those rules added in the
> > right place, and preserved across firewall restarts, reboots and so
> > on.  There are other services which need to add rules too (see cups
> > mentioned previously in this thread).
> 
> a) libvirt somehow manages to work just fine on my computer even with my
> script, so why change it?

libvirtd (the daemon) does currently add firewall rules, and those
rules are necessary.  If you restart the iptables service, or
otherwise drop those rules, all your guests will lose their network.
Either you're not using libvirtd, not running guests, or not rerunning
your firewall script.  In any case, a fixed shell script is not
flexible enough for libvirt and some other services.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v

