similar to: Problems with nwfilters/iptables

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

Hi, Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters. My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt. Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hello, I'm having problem setting up filtering traffic for a virtual machine managed by libvirt. Strange thing is, such a setup has been working fine for me on an older version of distro (namely, opensuse 11.3 w/updates, kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple:

Hello! I just spent the last four days working with nwfilters only to decide that they are apparently unusable. I've come to the mailing list seeking input on this subject. First off, please forgive my offensiveness. I'm sure people worked hard on nwfilters and it looks like a lot of effort went into providing this functionality. This is also an extremely difficult subject to get

On Tue, Jan 14, 2014 at 02:57:35PM +0000, Исаев Виталий Анатольевич wrote: > Dear Rich, thank you for a prompt reply on my question. The similar > problems have been found with all of the rest Thin Provisioned disks > in the cluster, while all the Preallocated disks were handled with > libguestfs correctly. I guess these issues were caused by (b) and > probably (c) reasons: >

i test the following simple filter <filter name='nwfilter-test-fedora2' chain='root'> <uuid>ccbd255f-4be5-4f0f-8835-770ea40cb2c9</uuid> <rule action='accept' direction='out' priority='500'> <tcp dstipaddr='10.1.24.0' dstipmask='24' comment='test test test'/> </rule> </filter> but i

-----Original Message----- From: Richard W.M. Jones [mailto:rjones@redhat.com] Sent: Tuesday, January 14, 2014 4:42 PM To: Исаев Виталий Анатольевич Cc: libguestfs@redhat.com Subject: Re: [Libguestfs] Libguestfs can't launch with one of the disk images in the RHEV cluster On Tue, Jan 14, 2014 at 08:07:43AM +0000, Исаев Виталий Анатольевич wrote: > [00072ms] /usr/libexec/qemu-kvm \

On Fri, Jan 17, 2014 at 02:38:43PM +0000, Исаев Виталий Анатольевич wrote: > 3. Now I go to the RHEV-H to look for the disk image itself: > > [root@rhevh1 /]# find / -name cc6e4400-7c98-4170-9075-5f5790dfcff3 > /dev/1a9aa971-f81f-4ad8-932f-607034c924fc/cc6e4400-7c98-4170-9075-5f5790dfcff3 >

Hi I am using libvirt (0.9.12) with openstack and xen. It looks like libvirt is not creating ebtables rules against arp spoofing etc. Here are my configs: VM definition: <domain type='xen'> <uuid>d49b777f-32f1-4093-ae47-a12efd0efd2c</uuid> <name>instance-00000168</name> <memory>2097152</memory> <os>

-----Original Message----- From: Richard W.M. Jones [mailto:rjones@redhat.com] Sent: Friday, January 17, 2014 4:40 PM To: Исаев Виталий Анатольевич Cc: libguestfs@redhat.com Subject: Re: [Libguestfs] LVM mounting issue On Fri, Jan 17, 2014 at 09:45:34AM +0000, Исаев Виталий Анатольевич wrote: > Be sure, that “unknown device” was not written by me :) > > I use libguestfs 1.16.34:

Hi All, I am new to libvirt and encounter a strange problem to set up network filter in a NAT network. I launched VMs in a single host using NAT, i.e. interface type='network'. Now I want to control the outbound traffic from VM instance - only allow the VM to asses a set of ip addresses. My network filter xml is as follows. The problem is once I change the VM xml, shutdown and start VM,

Hi, I zero-filled first 10MiB of my SSD(dd if=/dev/zero of=/dev/sda bs=10M count=1). As expected, this wiped my primary GPD header and first partition. Before the wipe, GPT was following: Disk /dev/sda: 250069680 sectors, 119.2 GiB Logical sector size: 512 bytes Disk identifier (GUID): 2EFD285D-F8E6-4262-B380-232E866AF15C Partition table holds up to 128 entries First usable sector is 34, last

Hi All, I am new to libvirt and encounter a strange problem to set up network filter in a NAT network. I launched VMs in a single host using NAT, i.e. interface type='network'. Now I want to control the outbound traffic from VM instance - only allow the VM to asses a set of ip addresses. My network filter xml is as follows. The problem is once I change the VM xml, shutdown and start VM,

Maybe my google-fu is failing me, but I have spent the past couple hours looking at how to add a vnet? Device to my KVM host running CentOS 6, and for the life of me I can't get this going. >From all my research if I want to add a device I should just do 'brctl addif br1 vnet14' if I want to add a vnet14 to bridge br1. When I do this, I get: # brctl addif br0 vnet14

I just wrote this to assist some Red Hat folks understanding what libvirt does with iptables, and thought it is useful info for the whole libvirt community. When I have time I'll adjust this content so that it can fit into the website in relevant pages/places. Firewall / network filtering in libvirt ======================================= There are three pieces of libvirt

On 02/14/2014 08:40 PM, h0rst wrote: > Hello! > > Since i could not find any information on the internet about this subject, i'm going to try my luck on this list. > > I'm trying to setup network-filter on a routed setup. I have a root-server at Hetzner, a german hosting provider. > Along with my server i ordered a (/28) subnet to be able to setup dedicated IPs for my

Could *somebody* shed some light on how the firewall is supposed to work? I haven't even managed to get trivial firewall rules to work. As mentioned, the examples in the documentation generate completely nonsensical rulesets, and if I try writing my own, they make even less sense. For example: > <filter name='test-eth0' chain='root'> > <rule

Hi folks, I'm having the problem that my guests are most of the time not reachable via IPv6 and cant connect to IPv6 hosts, but if I ping the public IPv6-Adress of my bridge, the host can use IPv6 again. This is for incomming and outgoing traffic. I've attached my network xml file. virsh version reports this: Compiled against library: libvirt 1.2.4 Using library: libvirt 1.2.4 Using

I would stop the VM, edit its definition file (that's an XML file) and then start it up. But be careful: After you edit the XML file, you need to execute a command so KVM re-reads that file. I forgot that command, but you can look it up on Google. On Dec 9, 2015 7:52 AM, "Howard Leadmon" <howard at leadmon.net> wrote: > > > Maybe my google-fu is failing me, but I have