Hello I've started playing with libvirt and I have question? What is proper way to make guest accessible from net. I have mode=nat /var/lib/libvirt/network/default.xml. libvirtd makes this rules in FORWARD chain -A FORWARD -d 192.168.231.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.231.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j REJECT --reject-with icmp-host-prohibited If I add iptables -I FORWARD -i eth0 -o virbr0 -j ACCEPT guests are accessible My question is: Is is possible write this somewhere to configuration? I've tried to put it in /etc/sysconfig/iptables but it libvirtd put his rules before mine. I've found two directories /var/lib/libvirt/iptables/filter /var/lib/libvirt/iptables/nat I suppose I can write my rules here but I haven't find any docs about format. Can somebody help me with it? Pavel -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
