On Thu, 2019-09-05 at 10:23 +0200, Bjoern Voigt wrote:
Martin Wilck wrote:
What bothers me more is that one of the advertized advantages of firewalld, playing nicely with libvirt's virtual networking, doesn't work for me on openSUSE. I keep typing firewall-cmd commands to fix packet flow between virtual and real networks. I'm probably just missing something...

Could you please give us some examples of your FirewallD commands for LibvirtD guests? How did you integrate these FirewallD commands?
Very simple, I have an "internal" zone which basically allows all traffic, and I do something like

    firewall-cmd --zone=internal --change-interface=virbr0

However, my expectation was that this wouldn't be necessary. https://libvirt.org/firewall.html suggests that it basically should just automagically work out of the box with a special zone called "libvirt", but for that we'd need firewalld 0.7.0 or newer. Which begs the question why TW is still at firewalld 0.6.3, 3 releases behind upstream. Even the devel project is still at 0.6.4.

Martin
Until now, FirewallD works acceptably on my Desktop, but I have trouble with LibvirtD KVM guests, OpenVPN networks, Docker and LXC.
And I have trouble with my DLNA client which accesses my MythTV server. (Also with SuSEfirewall2 I had to write custom script rules for DLNA access.)
Currently I locked SuSEfirewall2 so that the package management could not remove the package.
Greetings, Björn