Bug 1188088
Summary: | libvirt should change to use iptables and ebtabels after stop firewalld when libvirtd is running | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Luyao Huang <lhuang> |
Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
Status: | CLOSED WONTFIX | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | berrange, dyuan, jiahu, mzhan, rbalakri |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-02 09:42:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Luyao Huang
2015-02-02 02:51:24 UTC
No, we really don't want to dynamically change the firewall backend. When you see Firewalld name disappear from DBus, it is not reasonable to assume the admin wants to stop using it. The name could be disappearing because the firewalld service is being restarted for some reason. If we try to fallback to plain iptables and firewalld starts again, it will cause us no end of pain. It is not common practice to change between firewalld & iptables on a host - it is something an admin will typically decide once when provisioning the host and not change after that, so optimizing for this one time only change of decision is not a good idea. |