search for: dstportstart

...filter shipped with libvirt. VM throws the same error above. Any idea why this happens? How can I implement outbound traffic control in libvirt? Thanks a lot. <filter name='filter-test'> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP1'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP2'/&g...

...only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref filter='clean-traffic' /> <!-- enable SSH (tcp port 22) to go inside the zone --> <rule action='accept' direction='in'> <tcp dstportstart='22'/> </rule> <!-- accept the SSH to the other out --> <rule action='accept' direction='out'> <tcp dstipaddr='192.168.150.50' dstportstart='22' /> </rule> <!-- den...

...<all state='RELATED,ESTABLISHED'/> </rule> <rule action='return' direction='in' priority='500'> <icmp/> </rule> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='80'/> </rule> <rule action='reject' direction='in' priority='1000'> <all/>...

...D'/> </rule> <rule action='accept' direction='out' priority='500'> <all state='ESTABLISHED,RELATED'/> </rule> <rule action='accept' direction='in' priority='500'> <tcp state='NEW' dstportstart='22'/> </rule> <rule action='accept' direction='out' priority='500'> <all state='NEW'/> </rule> <rule action='drop' direction='inout' priority='500'> <all/> </rule> </fi...

...--start------------->8--- <filter name='p-mgmt' chain='root'> <uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid> <filterref filter='clean-traffic'/> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='drop' direction='inout' priority='1000'> <all/> </rule> </filter> </filter>--8<---------------cut here---------------end--------------->8--- The intent is to allow incoming ssh only....

...filter shipped with libvirt. VM throws the same error above. Any idea why this happens? How can I implement outbound traffic control in libvirt? Thanks a lot. <filter name='filter-test'> <rule action='accept' direction='in' priority='500'> <tcp dstportstart='22'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP1'/> </rule> <rule action='accept' direction='out' priority='500'> <ip dstipaddr='IP2'/&g...

...t; > <rule action='accept' direction='out' priority='500'> > <all state='ESTABLISHED,RELATED'/> > </rule> > <rule action='accept' direction='in' priority='500'> > <tcp state='NEW' dstportstart='22'/> > </rule> > <rule action='accept' direction='out' priority='500'> > <all state='NEW'/> > </rule> > <rule action='drop' direction='inout' priority='500'> > <al...

...llowing iptables rules: https://up.tao.at/u/DE7E2638.txt ...and will not filter anything. > <filter name='test-eth0' chain='root'> > <rule action='accept' direction='in' priority='500'> > <tcp srcipaddr='192.168.17.127' dstportstart='22'/> > </rule> > <rule action='drop' direction='in' priority='900'> > <all/> > </rule> > </filter> Will filter port 22 as well. The generated iptables rules are as following: https://up.tao.at/u/423CFFE9.tx...

...el 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple: <filter name='some-filt' chain='ipv4'> <rule action='accept' direction='in'> <tcp dstportstart='110'/> </rule> <rule action='drop' direction='inout'> <all/> </rule> </filter> So basically it should allow incoming connections to the specified port number and nothing else. After activating this filter on a box in questio...

...w iptables usage works. # cat > /root/spamming.xml <<EOF <filter name='no-spamming' chain='root'> <uuid>d217f2d7-5a04-0e01-8b98-ec2743436b74</uuid> <rule action='drop' direction='out' priority='500'> <tcp dstportstart='25' dstportend='25'/> </rule> </filter> EOF # virsh nwfilter-define /root/spamming.xml # virsh nwfilter-edit clean-traffic ...add <filterref filter='no-spamming'/> All active guests immediately have their iptables/ebtables rules rebuil...

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge