[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shorewall and libvirt

On 5/6/2021 8:13 PM, Charles Curley wrote:

On Thu, 6 May 2021 09:49:29 +0200
john doe <johndoe65534@mail.com> wrote:


First you need to disable libvirt from playing with iptables, I
changed (virsh net-edit default) from:
    <forward mode='nat'/>

to:

    <forward mode='open'/>


Thank you, that seems to have worked.



Then you can use whatever firewalling solution you like (this is
documented in Libvirt's doc).


I missed it. Sorry.



It is hard to spot it, I was simply mentioning it to let you validate
what I was saying and not to put you on the spot!




Remember that Bullseye as nftables per default, you might want to
switch back to iptables for Shorewall to work properly.


Done, thank you.



:)



During this whole fiasco, I noticed a problem with virtmanager. The
Bullseye version lets the user edit the XML. This is nice, because it
then applies whatever changes the user makes. However, as soon as you
hit the apply button, the displayed XML reverts to the original. The
file is correct, as indicated by cat, but the display is wrong.
Similarly, if you edit externally, even with virsh net-edit, the GUI
does not pick up the changes. I believe this is a serious bug.



I'm only using the CLI.

I would file a bugreport about this on the libvirt mailing list or on
Github! :)

--
John Doe
Reply to: