On 01/23/2014 07:14 AM, Thomas Woerner wrote:
> libvirt is using passthrough rules at the moment. These are not added to the _direct chains.

Ok.

> But yes, it would be good to have special chains for libvirt to be able to have some separation and to be able to identify easily where it comes from.

Great :)

> You can look at the rule set, sure. The use of "iptables -L" is safe and you can use it without problems. But adding, editing or removing rules is not a good idea while firewalld is active.
> BTW: I suggest to use the "iptables-save" command. It is showing rules for all tables and additionally in the iptables format. For IPv6 use "ip6tables-save".

Thanks for the tip! That's definitely much better than doing "iptables -L" for each of the tables when I want to compare (diff) the before & after of firewalld changes.

Thanks for the help Thomas.
Regards, Jorge
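
The before/after comparison mentioned above, as an added example that is not part of the original thread: raw "iptables-save" output differs between runs even when no rule changed (timestamp comments, packet/byte counters), so this normalizes two snapshots before diffing them. The function names and the sample snapshots are constructed for illustration.

```shell
# Added example (not from the thread): diff two iptables-save snapshots.

# Strip what changes between runs even when no rule changed:
#   "# Generated by ..." / "# Completed on ..." timestamp comments,
#   chain policy counters (":INPUT ACCEPT [12:840]"),
#   per-rule counters from "iptables-save -c" ("[12:840] -A ...").
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*\]$/\1 [0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*\] //'
}

# ruleset_diff BEFORE AFTER: unified diff of the normalized snapshots.
# Returns diff's status: 0 = same rules, 1 = rules differ.
ruleset_diff() {
    rd_tmp=$(mktemp -d) || return 2
    normalize_ruleset < "$1" > "$rd_tmp/before"
    normalize_ruleset < "$2" > "$rd_tmp/after"
    diff -u "$rd_tmp/before" "$rd_tmp/after"
    rd_rc=$?
    rm -rf "$rd_tmp"
    return "$rd_rc"
}

# Constructed sample snapshots (not captured from a real host).
make_samples() {
    cat > "$1/before" <<'EOF'
# Generated by iptables-save v1.4.19.1 on Thu Jan 23 07:00:00 2014
*filter
:INPUT ACCEPT [10:800]
:OUTPUT ACCEPT [7:420]
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Thu Jan 23 07:00:00 2014
EOF
    cat > "$1/after" <<'EOF'
# Generated by iptables-save v1.4.19.1 on Thu Jan 23 07:05:00 2014
*filter
:INPUT ACCEPT [55:4400]
:OUTPUT ACCEPT [31:1860]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Thu Jan 23 07:05:00 2014
EOF
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
ruleset_diff "$demo_dir/before" "$demo_dir/after" || true
rm -rf "$demo_dir"
```

On a real host the snapshots would come from "iptables-save > before" and "iptables-save > after" (and "ip6tables-save" for IPv6), both of which only read the rule set.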