How do I prevent libvirt from adding iptables rules for guest NAT networks?

Posted by Jack Douglas on Server Fault See other posts from Server Fault or by Jack Douglas
Published on 2012-12-10T11:30:44Z Indexed on 2012/12/10 23:06 UTC
Read the original article Hit count: 300

Filed under:

iptables

|

kvm-virtualization

|

libvirt

Similar to this old request on BugZilla for Fedora 8, I'm hoping something has changed since then or someone knows another way.

I want to manage the iptables rules by hand—the one-size-fits-all automatic rules don't suit me at all. These rules seem to be added and removed when a network is started and destroyed. Is there a way of either preventing these rules being added at all or hooking a script into the network start that restores the default rules afterwards.

For now, I'm using a very crude method with cron, but I hope there is a better way:

  *  *  *  *  * root    iptables-restore < /etc/sysconfig/iptables

© Server Fault or respective owner

Related posts about iptables

Sometimes this script fails to update the iptables

as seen on Server Fault - Search for 'Server Fault'
It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t… >>> More
My current iptable configuration doesn't work [on hold]

as seen on Server Fault - Search for 'Server Fault'
sudo chkconfig iptables off /etc/init.d/iptables on ### Clear/flush iptables sudo iptables -F sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT ### Allow SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables… >>> More
L2TP iptables port forward

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server is using a pre-shared key (L2TP) and… >>> More
iptables -P FORWARD DROP makes port forwarding slow

as seen on Server Fault - Search for 'Server Fault'
I have three computers, linked like this: box1 (ubuntu) box2 router & gateway (debian) box3 (opensuse) [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15] | box4, www [10.0.2.1] Among other… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More

Related posts about kvm-virtualization

CentOS / Redhat Linux: Setup KVM Virtualization

as seen on Internet.com - Search for 'Internet.com'
<b>nixCraft: </b>"KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions Intel VT or AMD-V. How do I install KVM under CentOS or Red Hat Enterprise Linux version 5.5?" >>> More
Linux KVM virtualization gains steam in cloud computing market

as seen on Internet.com - Search for 'Internet.com'
<b>Network Worldh:</b> "The Linux KVM hypervisor is gaining steam in the cloud computing market, with two major vendors using the virtualization software to create cloud platforms to compete against Amazon's popular EC2 service." >>> More
What is the best distro to host a KVM virtualization solution

as seen on Server Fault - Search for 'Server Fault'
I am looking for a Server oriented distro that we can expect have decent support but also offer as much as possible some of the latest features that KVM might offer. I am leaning towards Ubuntu LTS 10.04, because well it's LTS and more bleeding edge, but I find Ubuntu not serious enough in terms… >>> More
virt-manager can't open the display

as seen on Server Fault - Search for 'Server Fault'
My virt-manager was working just fine and all of a sudden stopped working, throwing in error: RuntimeError: could not open display root@rakcal ~]# echo $DISPLAY localhost:10.0 [root@rakcal ~]# virt-manager Traceback (most recent call last): File "/usr/share/virt-manager/virt-manager.py", line… >>> More
Yum update not working on CentOS 6.2 minimal install

as seen on Server Fault - Search for 'Server Fault'
Note: This is my first question on the stack exchange network so please give mercy and provide guidance where needed. I have installed a CentOS 6.2 KVM guest and I am having problem getting yum to work. This is my first time working with CentOS so I feel that it's a setting somewhere that I am missing… >>> More