Bug 969177 - RFE: use firewalld for dynamic firewal configuration
Summary: RFE: use firewalld for dynamic firewal configuration
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1147499
TreeView+ depends on / blocked
 
Reported: 2013-05-30 20:04 UTC by David Jaša
Modified: 2015-07-13 15:34 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
: 1147499 (view as bug list)
Environment:
Last Closed: 2015-07-13 15:34:52 UTC
Embargoed:


Attachments (Terms of Use)

Description David Jaša 2013-05-30 20:04:31 UTC
Description of problem:
While libvirt has it's own powerfult firewall driver, it would be nice if it could play nicely with firewalld - use it's native interfaces to tell it to open a port when libvirt itself or a managed VM starts listening on it and tell it to filter the port again when the port is not in use anymore.

Using firewalld means that other apps in need of dynamic port opening/closing means that they can ask for their ports, too, without any configuration races etc.

Version-Release number of selected component (if applicable):
1.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Michal Privoznik 2015-07-13 15:34:52 UTC
As I've explained in the cloned bug, this is not what we, libvirt developers want. You certainly don't want an application playing with your firewall settings. Then again, libvirt provides variety of APIs to tunnel any data to/from the guest: from virDomainOpenGraphics(), through virDomainOpenConsole() to virDomainOpenChannel().


Note You need to log in before you can comment on or make changes to this bug.