Hi everyone,

When I start a libvirt domain (on KVM) with network filtering (using filterref clean-traffic for example), the filter works!
But ... I don't understand how/why it works :(
Indeed, when I look at ebtables -L, iptables-save & arptables-save (and the KVM command), I see no filtering rules (which is surprising because clean-traffic requires at least ebtables to be installed).

Is this normal? Am I missing some xxtables administration command to see them?

What happens if I do an arptables-restore, iptables-restore after the VM startup? Does it remove the network filtering rules from xxtables? No impact?

Thanks in advance for your help

ZZ, what is the magic behind my questioning?

On Tue, Dec 13, 2011 at 11:18:35PM +0100, zz elle wrote:
> Hi everyone,
>
>
> When I start a libvirt domain (on KVM) with network filtering (using
> filterref clean-traffic for example), the filter works!
> But ... I don't understand how/why it works :(
> Indeed, when I look at ebtables -L, iptables-save & arptables-save (and KVM
> command),
> I see no filtering rules (which is surprising because clean-traffic
> requires at least ebtables to be installed).

You want to look at 'ebtables -t nat -L' not a plain 'ebtables -L'

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
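
The point of the reply above, as an added example that is not part of the original thread: plain `ebtables -L` lists only the `filter` table, so a check for libvirt's rules has to walk every ebtables table. The `sample_ebtables` output is constructed, and the `libvirt-I-`/`libvirt-O-` chain names and the function names are assumptions used for illustration.

```shell
#!/bin/sh
# Constructed stand-in for `ebtables -t <table> -L` on a host with one
# filtered guest NIC (vnet0); chain names and rules are assumed samples.
sample_ebtables() {   # called as: sample_ebtables -t <table> -L
    case "$2" in
    nat) cat <<'EOF'
Bridge table: nat

Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-i vnet0 -j libvirt-I-vnet0

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-o vnet0 -j libvirt-O-vnet0

Bridge chain: libvirt-I-vnet0, entries: 1, policy: ACCEPT
-j DROP

Bridge chain: libvirt-O-vnet0, entries: 1, policy: ACCEPT
-j DROP
EOF
    ;;
    *) printf 'Bridge table: %s\n\nBridge chain: OUTPUT, entries: 0, policy: ACCEPT\n' "$2" ;;
    esac
}

# Set EBTABLES=ebtables (and run as root) to inspect a real host.
EBTABLES=${EBTABLES:-sample_ebtables}

# Print "<table> <chain> <entries>" for every non-empty chain in one table.
chains_with_rules() {
    "$EBTABLES" -t "$1" -L 2>/dev/null |
        sed -n 's/^Bridge chain: \([^,]*\), entries: \([0-9]*\),.*/\1 \2/p' |
        while read -r chain n; do
            if [ "$n" -gt 0 ]; then echo "$1 $chain $n"; fi
        done
}

# Print the ebtables tables that contain libvirt-created chains.
libvirt_tables() {
    for t in filter nat broute; do
        if chains_with_rules "$t" | grep -q ' libvirt-'; then echo "$t"; fi
    done
}

for t in filter nat broute; do chains_with_rules "$t"; done
echo "libvirt chains found in table(s): $(libvirt_tables)"
```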