On Thu, 2019-09-05 at 10:23 +0200, Bjoern Voigt wrote:
Martin Wilck wrote:
What bothers me more is that one of the advertized advantages of
firewalld, playing nicely with libvirt's virtual networking, doesn't
work for me on openSUSE. I keep typing firewall-cmd commands to fix
packet flow between virtual and real networks. I'm probably just
missing something...
Could you please give us some examples of your FirewallD commands for
LibvirtD guests? How did you integrate these FirewallD commands?
Very simple, I have an "internal" zone which basically allows all
traffic, and I do something like
firewall-cmd --zone=internal --change-interface=virbr0
However, my expectation was that this wouldn't be necessary.
https://libvirt.org/firewall.html suggests that it basically should
just automagically work out of the box with a special zone called
"libvirt", but for that we'd need firewalld 0.7.0 or newer.
Which begs the question why TW is still at firewalld 0.6.3, 3 releases
behind upstream. Even the devel project is still at 0.6.4.
Martin
Until now, FirewallD works acceptably on my Desktop, but I have trouble
with LibvirtD KVM guests, OpenVPN networks, Docker and LXC.
And I have trouble with my DLNA client which accesses my MythTV server.
(Also with SuSEfirewall2 I had to write custom script rules for DLNA access.)
Currently I locked SuSEfirewall2 so that the package management could
not remove the package.
Greetings,
Björn