Bug 414341 - "iptables stop" kills libvirt port forwarding
Product: Fedora
Classification: Fedora
Component: iptables
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-12-06 11:41 EST by Bastien Nocera
Modified: 2007-12-11 10:03 EST
Doc Type: Bug Fix
Last Closed: 2007-12-11 10:03:18 EST

Description Bastien Nocera 2007-12-06 11:41:43 EST
1. Start host with restrictive firewall
2. Start up a virtual machine on that machine
3. Realise the firewall is blocking access to the physical host
4. Run "/etc/init.d/iptables stop"

iptables has wiped the bridge settings from libvirtd.
Comment 1 Daniel Berrange 2007-12-06 11:54:27 EST
It did exactly what you asked it to do - it removed all iptables settings :-)

You can restore rules by sending libvirtd SIGHUP, or 'service libvirtd reload'
Comment 2 Bastien Nocera 2007-12-06 13:11:53 EST
I figured that. But what about UI apps that rely on simply starting/stopping
iptables once /etc/sysconfig/iptables?

I'm thinking system-config-firewall in particular.
Comment 3 Thomas Woerner 2007-12-11 10:03:18 EST
I am sorry, but if you stop iptables, all the chains and rules are dropped. This
is intended behavior. s-c-fw does not know about libvirtd, same for all other
firewall configuration tools available.

Closing as "NOT A BUG".
