Bug 546064
| Summary: | system-config-firewall destroys libvirt's iptables rules | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jeff Bastian <jbastian> |
| Component: | libvirt | Assignee: | Daniel Veillard <veillard> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Priority: | medium |
| Version: | 12 | CC: | apevec, berrange, clalance, crobinso, itamar, jforbes, markmc, twoerner, veillard, virt-maint |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2009-12-10 12:02:59 UTC |
Description
Jeff Bastian
2009-12-09 22:09:17 UTC
This might be a duplicate of bug 539744.

This is a bug in libvirt. libvirt was adding custom rules files to the firewall configuration to have the same setup if the firewall has been restarted. At the moment the files are not integrated into the firewall anymore and additionally they are empty. Reassigning to libvirt.

libvirt has no sane way of integrating with iptables.

We previously tried using lokkit, but if the user had configured iptables manually (i.e. without lokkit) we'd end up clobbering their rules.

We simply need a way to say to iptables "we've added these rules, please load them when you restart" without overwriting the current configuration. We also need lokkit/system-config-firewall to not overwrite these rules when the user modifies the configuration.

The whole sorry saga is well documented in bug #227011.

*** This bug has been marked as a duplicate of bug 227011 ***

In the meantime, workaround is to issue `service libvirtd reload` after running s-c-firewall to re-insert iptable rules.
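The workaround from the last comment can be made conditional. This is an added example, not part of the bug report or of libvirt: it checks `iptables-save` output for rules on libvirt's bridge and reloads libvirtd only when they are gone. The bridge name `virbr0`, the `192.168.122.0/24` subnet, the helper names and both rulesets are assumptions constructed for illustration.

```shell
# Added example: detect the symptom from this bug (libvirt's rules missing
# after a firewall rewrite). virbr0 and 192.168.122.0/24 are assumed defaults.

# Count rules in iptables-save text (stdin) that match on bridge $1 via -i/-o.
count_bridge_rules() {
    awk -v br="$1" '
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == br) { n++; break }
        }
        END { print n + 0 }'
}

# Constructed sample: filter table with libvirt's rules loaded.
sample_with_libvirt() {
cat <<'EOF'
*filter
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: same host after the firewall tool rewrote the ruleset.
sample_after_rewrite() {
cat <<'EOF'
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Live use (as root): reload libvirtd only when its bridge rules are missing.
restore_if_missing() {
    n=$(iptables-save | count_bridge_rules "${1:-virbr0}")
    [ "$n" -gt 0 ] || service libvirtd reload
}
```

The check only sees rules that name the bridge with `-i` or `-o`, so a NAT rule that matches on the subnet alone is not counted.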