similar to: nwfilter : iptables rules not working

Hello, I'm having problem setting up filtering traffic for a virtual machine managed by libvirt. Strange thing is, such a setup has been working fine for me on an older version of distro (namely, opensuse 11.3 w/updates, kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple:

Hi, Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters. My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt. Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hi all, I've got a problem with nwfilters/iptables. For one of my guest's interfaces, I have established the following filter: --8<---------------cut here---------------start------------->8--- <filter name='p-mgmt' chain='root'> <uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid> <filterref filter='clean-traffic'/> <rule

i test the following simple filter <filter name='nwfilter-test-fedora2' chain='root'> <uuid>ccbd255f-4be5-4f0f-8835-770ea40cb2c9</uuid> <rule action='accept' direction='out' priority='500'> <tcp dstipaddr='10.1.24.0' dstipmask='24' comment='test test test'/> </rule> </filter> but i

CentOS Errata and Bugfix Advisory 2016:0220 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0220.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 5351c19208e33376954b482dd2be7fccb64a1678079b58a7b711fa517cac5468 libvirt-1.2.17-13.el7_2.3.x86_64.rpm

CentOS Errata and Security Advisory 2016:0459 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0459.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 137b51b4db465e884e85a02862bb4324cb2c09e36645833526af773f66400111 bind-9.9.4-29.el7_2.3.x86_64.rpm

CentOS Errata and Bugfix Advisory 2016:1525 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1525.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 5a3a1ce10d064860e7107b0151e41947b41c3257f871367e2bb389178f66f82a libblkid-2.23.2-26.el7_2.3.i686.rpm

CentOS Errata and Security Advisory 2016:0083 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0083.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 4b32c17ff1beedcb1f6061718d320fabefdfbc097c158d4b1dae708fd42fdcea libcacard-1.5.3-105.el7_2.3.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha scritto: > > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz: > > cancelling transaction on zone studiomosca.net > > That is showing that a client isn't being allowed to update a record. Is it possible to cure it in some way? > > [2] ----[smb.conf] > > > Please do not post

CentOS Errata and Bugfix Advisory 2016:0191 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0191.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 403d80798714012380d2f1ce4980ea8edf2549b3397ebfd24fd88b6224cf57cd selinux-policy-3.13.1-60.el7_2.3.noarch.rpm

CentOS Errata and Bugfix Advisory 2016:0545 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0545.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 4a890d19c477aa9512dddc6cfe4299065ec1e1cb6bc96f850f45a0f877959b65 tuned-2.5.1-4.el7_2.3.noarch.rpm

CentOS Errata and Security Advisory 2016:1292 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1292.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 1ac92fe486fd71d4cc09beff30d5fb2170bedf62601379478ec445ac860bc632 libxml2-2.9.1-6.el7_2.3.i686.rpm

CentOS Errata and Bugfix Advisory 2016:1291 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1291.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 73f7aa5fe34b8168a43c3d02763ec9b570fbadac1fb7d7402af4f121b85db160 corosync-2.3.4-7.el7_2.3.x86_64.rpm

On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote: > Hi?guys. > > There is a wierd problem with iptables recently, hopes somebody can help > me. > > I have installed Centos 7.2.1511 on a bare metal Dell server these days, > disabled firewalld and enabled iptables.services, and setup a group of very > simple rules, as the following: > > I believe

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :