similar to: Passing multiple addresses with masks to nwfilter

Displaying 18 results from an estimated 18 matches similar to: "Passing multiple addresses with masks to nwfilter"

2020 Jan 01
0
Re: Passing multiple addresses with masks to nwfilter
Looking at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering#sect-Applying_network_filtering-Usage_of_variables_in_filters, it sounds like the preferred approach is to use something like: <filter name='no-ipv6-spoofing' chain='ipv6-ip'
2012 Nov 07
1
NWFilter and IPv6
Hi, Libvirt's nwfilter ships a number of useful filter scripts by default, but none to handle IPv6 traffic. Is there a particular reason for that, or is that just because nobody has got around to that yet? One interesting thing about dealing with IPv6 traffic is that hosts often have several auto-configured addresses, usually at least one auto-configured link- local address under
2018 Mar 29
1
nwfilter multiple IPs
I'm trying to apply a nwfilter rule for two networks on the same guest interface, like so: ~ # virsh nwfilter-dumpxml 1081532-private-both <filter name='1081532-private-both' chain='root'> <uuid>16004b94-2b62-4568-9467-169908eb4040</uuid> <rule action='accept' direction='in' priority='500'> <ip
2019 Jun 03
1
Easy solution for custom firewall rules-
Nakta wrote: > libvirt's nwfilter module can achieve that. I read over those resources and I did what I thought would be correct, but it's not having any effect. I created a new nwfilter like this: <filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'> <rule action='accept' direction='in' priority='500'> <all
2018 Jul 02
1
Re: East-west traffic network filter
On Fri, Jun 29, 2018 at 3:40 AM Thiago Oliveira <cpv.thiago@gmail.com> wrote: > Hi Ales, > > I would like to prevent the guests from different subnets start a > communication. In other words I have the subnet 192.168.1.0/24 and > 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with > guests on 192.168.2.0/24 at the same host. Is this possible using a
2005 Jun 02
3
Net > DMZ > AllowFTP
Labels: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There are no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From
2018 Jun 28
4
East-west traffic network filter
Hello, I would like to make a filter that allows communication only between specified VMs. Those VMs should be specified by their MAC address. The filter should extend clean-traffic but I was not able to get it working with that reference. I have come up with a modified clean-traffic which works fine [1]. Is there a way to achieve the same behavior with reference to clean-traffic? Thank you. Best
2011 Feb 18
0
altering virtual network driver iptables behavior
I have the need to modify the behavior of the virtual network driver's behavior and how it deals with routed networks. I'm running libvirt-0.8.3-2.fc14. According to http://libvirt.org/firewall.html, the following is automatically added to the FORWARD chain of iptables when a network type of "routed" is started up: "Allow inbound, but only to our expected subnet.
2009 Jul 16
0
xen-3.0.3-80.el5_3.3 on RHEL 5.3 -- peth0 and xenbr0 don't exist
Has anyone run into this issue before? 2 physical nics: eth0 hooked up to 10.175.8.0/21 eth1 hooked up to 10.150.8.0/24 Ifconfig -a looks like this: [root@mgixen1 ~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:19:B9:F2:1B:C3 inet addr:10.175.8.158 Bcast:10.175.15.255 Mask:255.255.248.0 inet6 addr: fe80::219:b9ff:fef2:1bc3/64 Scope:Link UP
2018 Nov 08
0
Problems getting nwfilter to work
Hi folks, I'm using libvirt 3.9.0 running under CentOS 7.5. I want the guests, which are all within the same subnet (e.g. 10.0.0.x.), only talk to their default gateway (e.g. 10.0.0.1) but to each other. This is caused by a design issue of our network platform. I set up a filter rule and attached it to the interface of a guest using nwfilter-define: <filter name='private_ip'
2007 Nov 28
6
Problems installing/running svn-code
Hi, The last couple of days I've been trying to get back on the wxRuby-horse however I've run into some problems while compiling/testing the subversion sources. Mind, the 1.9.2 official release works fine. Absolutely no problems whatsoever. The first hurdle was that the rake install target doesn't work. It fails on rakewx.rb:145. Looking into it I found that
2019 May 31
2
Easy solution for custom firewall rules- is it possible?
Hello All- I've looked in several places and haven't found an answer to this question: is it possible to have libvirt add custom rules to iptables for virtual network interfaces? I took a look at the "Firewall and Network Filtering in Libvirt" page and it seems overly complicated for what I want to do. Given an interface virbr2 and its network 192.168.4.0/24, libvirt installs
2013 Jul 08
6
Getting nwfilter to work on Debian Wheezy
Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge
2008 Jul 07
5
IPSEC tunnel up, but no traffic coming through
Hi all, I finally got my IPSec tunnel from my Fedora firewall system (running Shorewall 4.0.6) to a remote Draytek Router up-and-running, but I'm having difficulties directing traffic through the tunnel. From the output of "racoon -F -f racoon.conf" and the connection status page of the Draytek I can tell the tunnel is UP, but ping and traceroute requests to several hosts
2013 Jul 15
2
Re: The firewall just doesn't make any sense
Could *somebody* shed some light on how the firewall is supposed to work? I haven't even managed to get trivial firewall rules to work. As mentioned, the examples in the documentation generate completely nonsensical rulesets, and if I try writing my own, they make even less sense. For example: > <filter name='test-eth0' chain='root'> > <rule
2018 Dec 25
2
Network filters with clean-traffic not working on Debian Stretch
Hello, I recently stumbled over the libvirt network filter capabilities and got pretty excited. Unfortunately I'm not able to get the "clean-traffic" filterset working. I'm using a freshly installed Debian Stretch with libvirt, qemu and KVM. My config snippet looks as follows: sudo virsh edit <VM> [...] <interface type='bridge'> <mac
2018 Jul 20
2
SSSD on CentOS 7 failing to start when connecting to 4.8.3 AD via LDAP
I've been going around in circles with this for days and I'm stuck. I'm trying to run up a new AD environment with only Samba 4.8.3 servers that we'll authenticate user server access against via SSSD/LDAP using a simple bind. All of our servers are either CentOS 6 or 7. I've created a test environment with a single Samba AD 4.8.3 server as the AD server, a Windows 7 client
2010 Jun 30
0
FYI: a short guide to libvirt & network filtering iptables/ebtables use
I just wrote this to assist some Red Hat folks understanding what libvirt does with iptables, and thought it is useful info for the whole libvirt community. When I have time I'll adjust this content so that it can fit into the website in relevant pages/places. Firewall / network filtering in libvirt ======================================= There are three pieces of libvirt