Bug 969177

Summary: RFE: use firewalld for dynamic firewal configuration
Product: [Community] Virtualization Tools Reporter: David Jaša <djasa>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED WONTFIX QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: fschwarz, mprivozn, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1147499 (view as bug list) Environment:
Last Closed: 2015-07-13 15:34:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1147499    

Description David Jaša 2013-05-30 20:04:31 UTC 
Description of problem:
While libvirt has it's own powerfult firewall driver, it would be nice if it could play nicely with firewalld - use it's native interfaces to tell it to open a port when libvirt itself or a managed VM starts listening on it and tell it to filter the port again when the port is not in use anymore.

Using firewalld means that other apps in need of dynamic port opening/closing means that they can ask for their ports, too, without any configuration races etc.

Version-Release number of selected component (if applicable):
1.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Michal Privoznik 2015-07-13 15:34:52 UTC 
As I've explained in the cloned bug, this is not what we, libvirt developers want. You certainly don't want an application playing with your firewall settings. Then again, libvirt provides variety of APIs to tunnel any data to/from the guest: from virDomainOpenGraphics(), through virDomainOpenConsole() to virDomainOpenChannel().