On 22.01.2014 19:26, Jorge Fábregas wrote:
> On 01/22/2014 11:45 AM, Thomas Woerner wrote:
>> Yes, the _direct chains are used for direct rules, that are added to
>> netfilter built-in chains. You can also create own chains and use them
>> as a target in a _direct rule...
> Thank you guys. I guess then that libvirt should use it since, as soon
> as you start libvirt, you see all these rules thrown in for the INPUT
> built-in, as opposed to using INPUT_direct (they're using the direct
> interface).
Say whaaat? :)
https://fedoraproject.org/wiki/FirewallD#The_Daemon
"With the so called direct interface other services (like for example
libvirt) are able to add own rules using iptables arguments and parameters."
poma