On 01/23/2014 07:14 AM, Thomas Woerner wrote:
> libvirt is using passthrough rules at the moment. These are not added to
> the _direct chains.

Ok.

> But yes, it would be good to have special chains for libvirt to be able
> to have some separation and to be able to identify easily where it
> comes from.

Great :)

> You can look at the rule set, sure. The use of "iptables -L" is safe and
> you can use it without problems. But adding, editing or removing rules
> is not a good idea while firewalld is active.
> BTW: I suggest to use the "iptables-save" command. It is showing rules
> for all tables and additionally in the iptables format. For IPv6 use
> "ip6tables-save".

Thanks for the tip! That's definitely much better than doing "iptables -L"
for each of the tables when I want to compare (diff) the before &
after of firewalld changes.

Thanks for the help Thomas.
Regards,
Jorge
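
The before/after comparison mentioned in the thread, as an added example that is not part of the original messages: a read-only snapshot of "iptables-save" and "ip6tables-save" output with the run-specific lines (timestamp comments, packet/byte counters) stripped, so the diff shows only rule changes. The function names and directory paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Only reads the rule set; it never
# adds, edits or removes rules, so it can be used while firewalld is active.

# normalize_rules: filter iptables-save output on stdin.
#   - drops "# Generated by ..." / "# Completed on ..." comment lines
#   - drops the [packets:bytes] counters on chain policy lines
#   - drops the [packets:bytes] rule prefix printed by "iptables-save -c"
normalize_rules() {
    sed -E \
        -e '/^#/d' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1/' \
        -e 's/^\[[0-9]+:[0-9]+\] //'
}

# snapshot DIR: write normalized IPv4 and IPv6 rule dumps into DIR (run as root).
snapshot() {
    mkdir -p "$1" || return 1
    iptables-save  | normalize_rules > "$1/ipv4.rules"
    ip6tables-save | normalize_rules > "$1/ipv6.rules"
}

# compare BEFORE_DIR AFTER_DIR: unified diff of both address families.
# Exit status is diff's: 0 = identical, 1 = rules changed.
compare() {
    diff -ru "$1" "$2"
}

# Usage, with hypothetical paths:
#   snapshot /tmp/fw-before
#   ... make the change through firewalld ...
#   snapshot /tmp/fw-after
#   compare /tmp/fw-before /tmp/fw-after
```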