
Re: Shorewall and libvirt



On Thu, 6 May 2021 09:49:29 +0200
john doe <johndoe65534@mail.com> wrote:

> First you need to disable libvirt from playing with iptables, I
> changed (virsh net-edit default) from:
>    <forward mode='nat'/>
> 
> to:
> 
>    <forward mode='open'/>

Thank you, that seems to have worked.

> 
> Then you can use whatever firewalling solution you like (this is
> documented in Libvirt's doc).

I missed it. Sorry.

> 
> 
> Remember that Bullseye has nftables per default, you might want to
> switch back to iptables for Shorewall to work properly.

Done, thank you.

During this whole fiasco, I noticed a problem with virt-manager. The
Bullseye version lets the user edit the XML. This is nice, because it
then applies whatever changes the user makes. However, as soon as you
hit the apply button, the displayed XML reverts to the original. The
file is correct, as indicated by cat, but the display is wrong.
Similarly, if you edit externally, even with virsh net-edit, the GUI
does not pick up the changes. I believe this is a serious bug.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

