[Bug 746497] Re: libvirt installs firewall rules on package upgrades

Nafallo Bjälevik 746497 at bugs.launchpad.net
Fri Apr 1 16:40:21 UTC 2011 

nafallo at pony:/etc/libvirt/qemu/networks$ ls -l *
-rw-r--r-- 1 root root  151 2009-01-20 22:52 bklabs.xml
lrwxrwxrwx 1 root root   10 2010-11-19 20:06 default.xml -> bklabs.xml
-rw-r--r-- 1 root root  231 2011-03-15 22:23 default.xml.dpkg-new
-rw-r--r-- 1 root root  153 2008-09-15 22:39 lchost.xml

autostart:
total 0
lrwxrwxrwx 1 root root 14 2011-03-31 16:14 default.xml -> ../default.xml

nafallo at pony:~$ sudo diff -ruN /etc/libvirt/qemu/networks/bklabs.xml /var/lib/libvirt/network/bklabs.xml 
--- /etc/libvirt/qemu/networks/bklabs.xml	2009-01-20 22:52:22.000000000 +0000
+++ /var/lib/libvirt/network/bklabs.xml	2010-05-20 20:21:13.000000000 +0100
@@ -1,6 +1,8 @@
 <network>
   <name>bklabs</name>
-  <bridge name="bklabs"/>
-  <forward mode="route"/>
-  <ip address="91.194.67.9" netmask="255.255.255.255"/>
+  <uuid>7c33807a-4c59-b922-5ef6-10d030ab496b</uuid>
+  <forward mode='route'/>
+  <bridge name='bklabs' stp='on' delay='0' />
+  <ip address='91.194.67.9' netmask='255.255.255.255'>
+  </ip>
 </network>

nafallo at pony:~$ sudo service libvirt-bin restart && sudo iptables -vnL && sudo iptables -F
libvirt-bin start/running, process 28098
Chain INPUT (policy ACCEPT 3962M packets, 2383G bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  bklabs *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  bklabs *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     udp  --  bklabs *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     tcp  --  bklabs *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 

Chain FORWARD (policy ACCEPT 14G packets, 11T bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      bklabs  0.0.0.0/0            91.194.67.9         
    0     0 ACCEPT     all  --  bklabs *       91.194.67.9          0.0.0.0/0           
   42  4683 ACCEPT     all  --  bklabs bklabs  0.0.0.0/0            0.0.0.0/0           
  583 48146 REJECT     all  --  *      bklabs  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
  415 24630 REJECT     all  --  bklabs *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT 2319M packets, 1710G bytes)
 pkts bytes target     prot opt in     out     source               destination


I'm not going to reboot, since that's very non-trivial with this host.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/746497

Title:
  libvirt installs firewall rules on package upgrades

More information about the Ubuntu-server-bugs mailing list