Red Hat Bugzilla – Bug 414341
"iptables stop" kills libvirt port forwarding
Last modified: 2007-12-11 10:03:18 EST
1. Start host with restrictive firewall
2. Startup a virtual machine on that machine
3. Realise the firewall is blocking access to the physical host
4. run "/etc/init.d/iptables stop"
iptables has wiped the bridge settings from libvirtd
It did exactly what you asked it todo - it removed all iptables settings :-)
You can restore rules by sending libvirtd SIGHUP, or 'service libvirtd reload'
I figured that. But what about UI apps that rely on simply starting/stopping
iptables once /etc/sysconfig/iptables?
I'm thinking system-config-firewall in particular.
I am sorry, but if you stop iptables, all the chains and rules are dropped. This
is intended behavior. s-c-fw does not know about libvirtd, same for all other
firewall configuration tools available.
Closing as "NOT A BUG".