1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00
libvirt/tests/networkxml2firewalldata
Malina Salina 313a71ee7b network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules
While the default iptables setup used by Fedora/RHEL distros
only restricts traffic on the INPUT and/or FORWARD rules,
some users might have custom firewalls that restrict the
OUTPUT rules too.

These can prevent DHCP/DNS/TFTP responses from dnsmasq
from reaching the guest VMs. We should thus whitelist
these protocols in the OUTPUT chain, as well as the
INPUT chain.

Signed-off-by: Malina Salina <malina.salina@protonmail.com>

Initial patch then modified to add unit tests and IPv6
support

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-10-18 18:49:54 +01:00
..
base.args
nat-default-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-default.xml
nat-ipv6-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-ipv6.xml
nat-many-ips-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-many-ips.xml
nat-no-dhcp-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-no-dhcp.xml
nat-tftp-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
nat-tftp.xml
route-default-linux.args network: allow DHCP/DNS/TFTP explicitly in OUTPUT rules 2019-10-18 18:49:54 +01:00
route-default.xml