[CentOS-virt] iptables and kvm
James B. Byrne
byrnejb at harte-lyne.ca
Tue Jun 22 09:32:04 EDT 2010
I am experimenting with a KVM virtual machine. At the moment I am
trying to configure iptables for the host instance. In Xen terms I
would call this Dom0, but I do not know the appropriate KVM term, if
any.
The setup I have is a single NIC (eth0) host bridged (bridge0). I
want iptables to allow all host generated traffic (! bridge0 I
think) and to check all other traffic for brute force attempts
coming in over the LAN.
I have the following rules in /etc/sysconfig/iptables:
. . .
-A GENERAL -m comment ! -i bridge0 -j ACCEPT
. . .
-A GENERAL -m comment -m state -i bridge0 --state NEW -j KNOCKD
-A GENERAL -p tcp -m comment -m tcp -m multiport -m state -m recent -i bridge0 --state NEW --dports 20,21,22,23,110,143 --set --name IN_THROTTLE --rsource
and so forth. But when I reload the config file and do an iptables
--list | grep bridge then I see nothing. I cannot discern what it is
that I am doing wrong. Obviously there is something about bridge0
as an interface option that iptables does not like but it is not
giving me any error message.
What am I doing wrong and what is the correct way to accomplish this?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
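Two checks worth making before concluding that iptables is rejecting `-i bridge0`: `iptables -L` prints no in/out interface columns at all unless you add `-v` (use `iptables -L -v -n` or `iptables -S` to see them), and `-m comment` without a `--comment` argument is rejected by iptables, so a rule written that way never loads. The script below is an added example, not the original poster's configuration: it prints an assumed iptables-restore ruleset for a bridged KVM host (accept everything not arriving on bridge0, record new connections to the listed ports from bridge0 in a `recent` list, and drop a source once it exceeds an assumed 4 new connections in 60 seconds), and runs a small pre-flight lint over a ruleset file that catches the `-m comment` mistake and any `recent` list that is `--set` but never `--update`d or `--rcheck`ed. The chain name GENERAL, the port list, the list name IN_THROTTLE and the thresholds are assumptions carried over from or added to the fragment above; the KNOCKD chain is omitted because the post does not show it.

```shell
#!/bin/sh
# Added example (not the original poster's config): an iptables-restore
# ruleset for a bridged KVM host plus a pre-flight lint. Chain name, port
# list, recent-list name and the 4-hits-in-60s policy are assumptions.

# Print the assumed ruleset in iptables-save format (feed to iptables-restore).
host_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:GENERAL - [0:0]
-A INPUT -j GENERAL
# Loopback and replies to connections the host itself opened
-A GENERAL -i lo -j ACCEPT
-A GENERAL -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything that did not arrive over the bridge (note: -m comment needs --comment)
-A GENERAL ! -i bridge0 -m comment --comment "non-bridge traffic" -j ACCEPT
# Record the source of every new connection from the LAN to the listed ports ...
-A GENERAL -i bridge0 -p tcp -m state --state NEW -m multiport --dports 20,21,22,23,110,143 -m recent --set --name IN_THROTTLE --rsource
# ... drop it once it exceeds 4 new connections in 60 seconds (assumed policy) ...
-A GENERAL -i bridge0 -p tcp -m state --state NEW -m multiport --dports 20,21,22,23,110,143 -m recent --update --seconds 60 --hitcount 4 --name IN_THROTTLE --rsource -j DROP
# ... and otherwise let the new connection through.
-A GENERAL -i bridge0 -p tcp -m state --state NEW -m multiport --dports 20,21,22,23,110,143 -j ACCEPT
COMMIT
EOF
}

# Static checks on a ruleset file before handing it to iptables-restore:
#  1. every "-m comment" carries a --comment argument (iptables rejects it otherwise);
#  2. every recent list that is --set is also consulted by an --update or --rcheck rule,
#     since a --set on its own records sources but never throttles anything.
# Returns 0 when the file passes, 1 when a problem was found.
lint_ruleset() {
  file=$1
  status=0
  if grep -- '-m comment' "$file" | grep -qv -- '--comment'; then
    echo "lint: '-m comment' without --comment in $file" >&2
    status=1
  fi
  for name in $(grep -o -- '--set --name [A-Za-z0-9_]*' "$file" | awk '{print $3}' | sort -u); do
    if ! grep -E -- "--(update|rcheck) .*--name $name" "$file" >/dev/null; then
      echo "lint: recent list $name is --set but never --update/--rcheck'ed" >&2
      status=1
    fi
  done
  return $status
}

# Usage: generate the ruleset, lint it, then (as root) load it.
#   host_ruleset > /tmp/iptables.rules
#   lint_ruleset /tmp/iptables.rules && iptables-restore < /tmp/iptables.rules
#   iptables -L GENERAL -v -n      # -v is what makes the in/out columns appear
```

One caveat on the bridge itself: frames that the LAN sends to the guests only cross iptables (in FORWARD) when `net.bridge.bridge-nf-call-iptables` is 1, whereas traffic addressed to the host always enters INPUT with `bridge0`, not `eth0`, as its input interface, which is why the rules above match on `bridge0`.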