mirror of https://gitee.com/openkylin/libvirt.git
313a71ee7b
While the default iptables setup used by Fedora/RHEL distros only restricts traffic on the INPUT and/or FORWARD rules, some users might have custom firewalls that restrict the OUTPUT rules too. These can prevent DHCP/DNS/TFTP responses from dnsmasq from reaching the guest VMs. We should thus whitelist these protocols in the OUTPUT chain, as well as the INPUT chain. Signed-off-by: Malina Salina <malina.salina@protonmail.com> Initial patch then modified to add unit tests and IPv6 support Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> |
||
---|---|---|
.. | ||
base.args | ||
nat-default-linux.args | ||
nat-default.xml | ||
nat-ipv6-linux.args | ||
nat-ipv6.xml | ||
nat-many-ips-linux.args | ||
nat-many-ips.xml | ||
nat-no-dhcp-linux.args | ||
nat-no-dhcp.xml | ||
nat-tftp-linux.args | ||
nat-tftp.xml | ||
route-default-linux.args | ||
route-default.xml |