Bug 969177 - RFE: use firewalld for dynamic firewal configuration
RFE: use firewalld for dynamic firewal configuration
Status: CLOSED WONTFIX
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Libvirt Maintainers
:
Depends On:
Blocks: 1147499
  Show dependency treegraph
 
Reported: 2013-05-30 16:04 EDT by David Jaša
Modified: 2015-07-13 11:34 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1147499 (view as bug list)
Environment:
Last Closed: 2015-07-13 11:34:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2013-05-30 16:04:31 EDT
Description of problem:
While libvirt has it's own powerfult firewall driver, it would be nice if it could play nicely with firewalld - use it's native interfaces to tell it to open a port when libvirt itself or a managed VM starts listening on it and tell it to filter the port again when the port is not in use anymore.

Using firewalld means that other apps in need of dynamic port opening/closing means that they can ask for their ports, too, without any configuration races etc.

Version-Release number of selected component (if applicable):
1.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Michal Privoznik 2015-07-13 11:34:52 EDT
As I've explained in the cloned bug, this is not what we, libvirt developers want. You certainly don't want an application playing with your firewall settings. Then again, libvirt provides variety of APIs to tunnel any data to/from the guest: from virDomainOpenGraphics(), through virDomainOpenConsole() to virDomainOpenChannel().

Note You need to log in before you can comment on or make changes to this bug.