1. Start host with restrictive firewall 2. Startup a virtual machine on that machine 3. Realise the firewall is blocking access to the physical host 4. run "/etc/init.d/iptables stop" iptables has wiped the bridge settings from libvirtd
It did exactly what you asked it todo - it removed all iptables settings :-) You can restore rules by sending libvirtd SIGHUP, or 'service libvirtd reload'
I figured that. But what about UI apps that rely on simply starting/stopping iptables once /etc/sysconfig/iptables? I'm thinking system-config-firewall in particular.
I am sorry, but if you stop iptables, all the chains and rules are dropped. This is intended behavior. s-c-fw does not know about libvirtd, same for all other firewall configuration tools available. Closing as "NOT A BUG".