similar to: nwfilters seem fundamentally unusable or unfinished

Hi I am using libvirt (0.9.12) with openstack and xen. It looks like libvirt is not creating ebtables rules against arp spoofing etc. Here are my configs: VM definition: <domain type='xen'> <uuid>d49b777f-32f1-4093-ae47-a12efd0efd2c</uuid> <name>instance-00000168</name> <memory>2097152</memory> <os>

On 5/28/2014 10:10 AM, Laine Stump wrote: > On 05/27/2014 02:46 AM, Brian Rak wrote: >> Make sure you have: >> >> /proc/sys/net/bridge/bridge-nf-call-iptables = 1 > That doesn't make sense. bridge-nf-call-iptables controls whether or not > traffic going across a Linux host bridge device will be sent through > iptables, but the rules created by nwfilter are applied

I just wrote this to assist some Red Hat folks understanding what libvirt does with iptables, and thought it is useful info for the whole libvirt community. When I have time I'll adjust this content so that it can fit into the website in relevant pages/places. Firewall / network filtering in libvirt ======================================= There are three pieces of libvirt

Hi all, I've got a problem with nwfilters/iptables. For one of my guest's interfaces, I have established the following filter: --8<---------------cut here---------------start------------->8--- <filter name='p-mgmt' chain='root'> <uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid> <filterref filter='clean-traffic'/> <rule

On 05/27/2014 02:46 AM, Brian Rak wrote: > Make sure you have: > > /proc/sys/net/bridge/bridge-nf-call-iptables = 1 That doesn't make sense. bridge-nf-call-iptables controls whether or not traffic going across a Linux host bridge device will be sent through iptables, but the rules created by nwfilter are applied to the "vnetX" tap devices that connect the guest to the

Dear all, I configure my kvm vm like this: <interface type='bridge'> <mac address='52:54:00:dd:b2:c5'/> <source bridge='nw-vpc-1017'/> <target dev='if-57'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP'

1. It takes minutes to start the virtual machine when I add "filterref" to libvirt.xml and run command "virsh start vm1". It also takes minutes to destroy the virtual machine. <interface type="bridge"> <mac address="fa:16:3e:fa:f7:94"/> <target dev="tap69e948b0-bf"/> <source bridge="br02"/> <model

Nakta wrote: > libvirts nwfilter module can achieve that. I read over those resources and I did what I thought would be correct, but it's not having any effect. I created a new nwfilter like this: <filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'> <rule action='accept' direction='in' priority='500'> <all

As planned and after most of the clang detected problems got fixed (thanks Eric !) the new release is available at: ftp://libvirt.org/libvirt/ It's a mixed release, it includes a number of improvements as well as many bug fixes and a few new features: Features: - support various persistent domain updates (KAMEZAWA Hiroyuki) - improvements on memory APIs (Taku Izumi) - Add

On 2018/02/16 12:12 pm, Daniel P. Berrangé wrote: > On Fri, Feb 16, 2018 at 11:59:42AM -0500, Andre Goree wrote: >> I'm trying to determine if it's possible to edit/attach/apply nwfilter >> rules >> at runtime? I.e., after a VM is already running, can I apply a >> nwfilter to >> the VM and have it work without rebooting the machine? Thus far, I've

On Thu, Jan 18, 2018 at 11:30:16AM +0700, Artem Likhachev wrote: >Hello everybody! > >We have a cluster of servers managed by VMmanager 5 KVM (by ispsystem). > >A typical node: > ># cat /etc/redhat-release >CentOS Linux release 7.3.1611 (Core) ># uname -r >3.10.0-693.11.6.el7.x86_64 > ># rpm -qa |grep libvirt

I am unable to install or build libvert for RHEL4-64. Due to the errors below. Is it because all the source/rpms are for Fedora? I don't see any redhat versions on the sources page. Thanks in advance for any help. When running make against the untarred /libvirt-0.9.4.tar.gz configure succeeds but make fails. make all-am make[3]: Entering directory

On 02/08/2016 04:20 PM, Andre Goree wrote: > On 01/11/2016 3:05 pm, Laine Stump wrote: >> On 01/11/2016 02:25 PM, Andre Goree wrote: >>> >>> I have some questions regarding the way that networking is handled >>> via qemu/kvm+libvirt -- my apologies in advance if this is not the >>> proper mailing list for such a question. >>> >>>

Hello everybody! We have a cluster of servers managed by VMmanager 5 KVM (by ispsystem). A typical node: # cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) # uname -r 3.10.0-693.11.6.el7.x86_64 # rpm -qa |grep libvirt libvirt-daemon-driver-qemu-3.7.0-1.el7.centos.x86_64 libvirt-daemon-driver-storage-disk-3.7.0-1.el7.centos.x86_64 libvirt-3.7.0-1.el7.centos.x86_64

Make sure you have: /proc/sys/net/bridge/bridge-nf-call-iptables = 1 On 5/26/2014 1:35 PM, Matt LaPlante wrote: > I'm trying to accomplish what I had hoped would be a fairly simple > filtering of traffic to my VMs, but I'm hitting a snag. The VMs are > allowing traffic when I wouldn't expect them to. > > Host and Guest are both running the same platform: > Ubuntu

Howdy! I have virtual domains running under libvirt. I have a valid xml definition and it starts fine, except when I add the filterref line as below <interface type='bridge'> <mac address='54:52:00:44:36:d7'/> <source bridge='vlan50'/> <target dev='guest_if0'/> <model type='virtio'/>

On 03/30/2018 04:29 PM, Andre Goree wrote: > On 2018/02/16 12:12 pm, Daniel P. Berrang? wrote: >> On Fri, Feb 16, 2018 at 11:59:42AM -0500, Andre Goree wrote: >>> I'm trying to determine if it's possible to edit/attach/apply >>> nwfilter rules >>> at runtime?? I.e., after a VM is already running, can I apply a >>> nwfilter to >>> the VM

Hello all! I try to use network filters for openvswitch interfaces.  This is the xml configuration of my bridge interface <interface type='bridge'>    <mac address='00:11:22:33:44:55'/>    <source bridge='virbr1'/>    <virtualport type='openvswitch'>         <parameters interfaceid='0529d6b5-627c-4330-803f-0d7018e6d496'/>   

I'm trying to accomplish what I had hoped would be a fairly simple filtering of traffic to my VMs, but I'm hitting a snag. The VMs are allowing traffic when I wouldn't expect them to. Host and Guest are both running the same platform: Ubuntu 12.04.4 LTS 0.9.8-2ubuntu17.19 I have a basic bridge enabled on the host: brctl addbr brdg brctl addif brdg eth1 ip link set brdg up The host

[Please keep the list CC-ed as it may help somebody from future when searching for solution to the same problem] On 5/6/19 6:08 PM, nakata@geekpit.org wrote: > Am 2019-05-06 16:26, schrieb Michal Privoznik: >> On 5/6/19 3:44 PM, nakata@geekpit.org wrote: >>> Hi, >>> >>> i want to disable the nwfilter functionality of libvirt. >>> It's surely nice