thr3ads.net - libvirt users - [libvirt-users] ebtables rules are not applied when using libvirt nwfilter [Apr 2014]

If this information is useful, please help other people find it:
Share via:

Thinh Nguyen

2014-Apr-02 03:52 UTC

[libvirt-users] ebtables rules are not applied when using libvirt nwfilter

Dear all,

I configure my kvm vm like this:

   <interface type='bridge'>
      <mac address='52:54:00:dd:b2:c5'/>
      <source bridge='nw-vpc-1017'/>
      <target dev='if-57'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='10.0.0.1'/>
      </filterref>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x05'
function='0x0'/>
    </interface>

But when i start it and show the ebtables rules, nothing is applied

[root@kvmhost ~]# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: libvirt_qemu_FORWARD, entries: 0, policy: DROP

Please show me what wrong i've done.
Thanks so much!
-- 
Nguyen Thinh

Daniel P. Berrange

2014-Apr-02 08:13 UTC

head link

Re: [libvirt-users] ebtables rules are not applied when using libvirt nwfilter

On Wed, Apr 02, 2014 at 10:52:12AM +0700, Thinh Nguyen
wrote:> Dear all,
> 
> I configure my kvm vm like this:
> 
>    <interface type='bridge'>
>       <mac address='52:54:00:dd:b2:c5'/>
>       <source bridge='nw-vpc-1017'/>
>       <target dev='if-57'/>
>       <model type='virtio'/>
>       <filterref filter='clean-traffic'>
>         <parameter name='IP' value='10.0.0.1'/>
>       </filterref>
>       <address type='pci' domain='0x0000'
bus='0x00' slot='0x05'
> function='0x0'/>
>     </interface>
> 
> But when i start it and show the ebtables rules, nothing is applied
> 
> [root@kvmhost ~]# ebtables -L
> Bridge table: filter
> 
> Bridge chain: INPUT, entries: 0, policy: ACCEPT
> 
> Bridge chain: FORWARD, entries: 0, policy: ACCEPT
> 
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
> 
> Bridge chain: libvirt_qemu_FORWARD, entries: 0, policy: DROP
> 
> Please show me what wrong i've done.
We don't use the filter table, so instead try 'ebtables -t nat -L'

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

Possibly Parallel Threads

Search for more maybe matching threads

libvirt users - Apr 2014 - ebtables rules are not applied when using libvirt nwfilter

[libvirt-users] ebtables rules are not applied when using libvirt nwfilter

Re: [libvirt-users] ebtables rules are not applied when using libvirt nwfilter

Possibly Parallel Threads