1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-25 01:34:11 +03:00
libvirt/tests/networkxml2firewalldata
Malina Salina 313a71ee7b network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules
While the default iptables setup used by Fedora/RHEL distros
only restricts traffic on the INPUT and/or FORWARD rules,
some users might have custom firewalls that restrict the
OUTPUT rules too.

These can prevent DHCP/DNS/TFTP responses from dnsmasq
from reaching the guest VMs. We should thus whitelist
these protocols in the OUTPUT chain, as well as the
INPUT chain.

Signed-off-by: Malina Salina <malina.salina@protonmail.com>

Initial patch then modified to add unit tests and IPv6
support

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-18 18:49:54 +01:00
..
base.args network: delay global firewall setup if no networks are running 2019-05-23 16:29:48 +01:00
nat-default-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-default.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00
nat-ipv6-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-ipv6.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00
nat-many-ips-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-many-ips.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00
nat-no-dhcp-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-no-dhcp.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00
nat-tftp-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-tftp.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00
route-default-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
route-default.xml Add test for converting network XML to iptables rules 2014-04-25 15:44:09 +01:00