Suppress or control netfilter rules created by libvirtd

Oliver Schneider Borbarad at gmxpro.net
Thu Dec 30 18:38:42 UTC 2010


Hi again,

is there truly no one with an idea about the topic or did I violate some
code of conduct? :)

Thanks,

// Oliver

On 2010-12-27 21:40, Oliver Schneider wrote:
> Hi,
> 
> I'm running 10.04 LTS (x64) with latest updates applied. On the machine
> in question I use kvm to host some virtual machines.
> 
> Now the problem is that I would like to DNAT some stuff through to a
> virtual machine, but that machine is already covered by the (apparently
> more generic) rules. However, the problem does not seem to be with the
> nat table (PREROUTING chain) itself. The rules in there seem to work as
> expected.
> 
> In the FORWARD chain I need to make it explicit what ports I want to
> forward where (because my policy is set to drop). However, libvirtd
> inserts its rules at the top of that chain after my rules get inserted
> via post-up and post-down in /etc/network/interfaces, so these rules
> take precedence over the rules I have in my script.
> 
> Now the question(s): is there a way to suppress the rules applied by
> libvirtd or to make sure they are applied elsewhere in the chain?
> Alternatively, is there a way to "hook" this process of libvirtd starting
> without too much customization that might blow up next time I do an
> apt-get upgrade?
> 
> Currently I have to remove and then apply my rules again - manually - so
> they take precedence.
> 
> 
> Thanks,
> 
> // Oliver
> 
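Added example, not part of the thread: a small post-up style check that parses `iptables -S FORWARD` output, detects whether libvirtd's virbr0 rules have landed above the locally managed rules, and prints the delete/re-insert commands that would restore precedence. It assumes the local rules are tagged with a constructed comment marker `local-fw`, embeds a constructed sample of the chain, and only prints the iptables commands rather than executing them.

```shell
#!/bin/sh
# Added example, not from the thread. Works on `iptables -S FORWARD` output.
# Assumption: our own FORWARD rules carry `-m comment --comment "local-fw"`
# (a constructed marker); "virbr" is libvirt's default bridge name prefix.

# Constructed sample of `iptables -S FORWARD` after libvirtd has started and
# pushed its rules above the rule added from /etc/network/interfaces post-up.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -d 192.168.122.10 --dport 80 -m comment --comment "local-fw" -j ACCEPT'

# first_match PATTERN: read rules on stdin, print the 1-based position (among
# -A lines) of the first rule containing PATTERN, or 0 if none.
first_match() {
    awk -v pat="$1" '
        /^-A / { n++; if (!found && index($0, pat)) found = n }
        END { print found + 0 }'
}

# libvirt_rules_above_ours RULES: succeed (exit 0) when a virbr rule sits
# above our first tagged rule, i.e. libvirtd's rules now take precedence.
libvirt_rules_above_ours() {
    lv=$(printf '%s\n' "$1" | first_match virbr)
    ours=$(printf '%s\n' "$1" | first_match local-fw)
    [ "$lv" -gt 0 ] && [ "$ours" -gt 0 ] && [ "$lv" -lt "$ours" ]
}

# move_commands RULES: print, for each tagged rule, the iptables commands that
# delete it and re-insert it at position 1 (printed, not executed).
move_commands() {
    printf '%s\n' "$1" | awk '
        /^-A FORWARD / && index($0, "local-fw") {
            spec = substr($0, length("-A FORWARD ") + 1)
            print "iptables -D FORWARD " spec
            print "iptables -I FORWARD 1 " spec
        }'
}

if libvirt_rules_above_ours "$SAMPLE_RULES"; then
    echo "libvirt rules precede ours; commands to restore precedence:"
    move_commands "$SAMPLE_RULES"
fi
```

Feeding it live output (`iptables -S FORWARD`) instead of the sample turns it into the check a post-up script can run after libvirtd is up.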

More information about the ubuntu-users mailing list