After spending a serious amount of time on google this line fixed it for me.
Now firewalld no longer blocks the dhcp requests that come from the kvm
guest.
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -m physdev
--physdev-is-bridged -j ACCEPT
There is no mention off this in the manpage of firewall-cmd (or the one for
iptables), nor on the on the firewalld website.
https://fedoraproject.org/wiki/FirewallD
I think a mention of the case : 'how to configure firewalld on a kvm host'
would get some credits from a few people.
Rob
2014-09-29 8:00 GMT+02:00 Rob Verduijn <rob.verduijn(a)gmail.com>:
Hello,
I was wondering if anybody could tell me how to set up firewalld together
with kvm.
For example a fedora 20 host running a centos6.5 guest.
The guest is using bridge0 which is connected to eth0.
What devices do I need to which zone.
Do the virtual devices like vnet1 and vnet2 need to be added to a zone ?
I keep running into walls here (firewalls to be precise), the only thing I
can find on this subject is 'switch back to iptables'.
But I would like to know how to fix this with firewalld.
Anybody who has any ideas on this ?
Cheers
Rob