[CentOS-virt] iptables and kvm

Tue Jun 22 13:32:04 UTC 2010
James B. Byrne <byrnejb at harte-lyne.ca>

I am experimenting with a kvm virtual machine.  At the moment I am
trying to configure iptables for the host instance.  In Xen
terms I would call this Dom0 but I do not know the appropriate KVM
term, if any.

The setup I have is a single NIC (eth0) host bridged (bridge0).  I
want iptables to allow all host generated traffic (! bridge0 I
think) and to check all other traffic for brute force attempts
coming in over the LAN.

I have the following rules in /etc/sysconfig/iptables:
.  .  .
-A GENERAL -m comment ! -i bridge0 -j ACCEPT
.  .  .
-A GENERAL -m comment -m state -i bridge0 --state NEW -j KNOCKD
-A GENERAL -p tcp -m comment -m tcp -m multiport -m state -m recent -i bridge0 --state NEW --dports 20,21,22,23,110,143 --set --name IN_THROTTLE --rsource

and so forth.  But when I reload the config file and do an iptables
--list | grep bridge then I see nothing. I cannot discern what it is
that I am doing wrong.  Obviously there is something about bridge0
as an interface option that iptables does not like but it is not
giving me any error message.

What am I doing wrong and what is the correct way to accomplish this?

***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
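Two things worth checking offline before suspecting the bridge interface itself: `iptables -L` prints the in/out interface columns only when given `-v`, so `iptables --list | grep bridge` finds nothing even when the rules are loaded (`iptables -S` or `iptables-save` print them in the same form as the file), and the `comment` match requires a `--comment` argument, so an `-m comment` with nothing after it makes iptables-restore reject the whole file. The following checker is an added example, not code from the post or from CentOS; it parses rule lines in the `/etc/sysconfig/iptables` (iptables-save) format, lists every rule that matches on a given interface, and flags the comment and target problems. The sample rules are constructed for the example and only borrow the `GENERAL`, `KNOCKD`, `IN_THROTTLE` and `bridge0` names from the post.

```python
"""Offline linter for iptables-save style rule files (added example)."""
import shlex
from typing import Dict, List, Tuple

# Constructed sample in /etc/sysconfig/iptables format, modelled on the post;
# the first rule carries a proper --comment, the second loads the comment
# match without one, the third is a 'recent --set' rule with no target.
SAMPLE_RULES = """\
*filter
:GENERAL - [0:0]
-A GENERAL -m comment --comment "host generated traffic" ! -i bridge0 -j ACCEPT
-A GENERAL -m comment -m state -i bridge0 --state NEW -j KNOCKD
-A GENERAL -p tcp -m tcp -m multiport -m state -m recent -i bridge0 --state NEW --dports 20,21,22,23,110,143 --set --name IN_THROTTLE --rsource
COMMIT
"""

IFACE_OPTS = {"-i": "in", "--in-interface": "in",
              "-o": "out", "--out-interface": "out"}


def parse_rules(text: str) -> List[Dict]:
    """Return the '-A <chain> ...' lines as dicts with their file line number.
    Table (*), chain policy (:), comment (#) and COMMIT lines are skipped.
    shlex keeps a quoted --comment string as one token, as iptables-restore does."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "*:#" or line == "COMMIT":
            continue
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] not in ("-A", "--append"):
            continue
        rules.append({"line": line_no, "chain": tokens[1], "tokens": tokens[2:]})
    return rules


def interface_rules(rules: List[Dict], iface: str) -> List[Tuple[int, str, str, bool]]:
    """(line, chain, direction, negated) for every rule that matches on iface.
    This is the information 'iptables -L' hides unless run with -v."""
    hits = []
    for rule in rules:
        toks = rule["tokens"]
        for idx, tok in enumerate(toks[:-1]):
            if tok in IFACE_OPTS and toks[idx + 1] == iface:
                negated = idx > 0 and toks[idx - 1] == "!"
                hits.append((rule["line"], rule["chain"], IFACE_OPTS[tok], negated))
    return hits


def lint(rules: List[Dict]) -> List[str]:
    """Flag defects iptables-restore rejects (-m comment with no --comment, a
    '!' not directly before an option) and rules that have no target, which
    only count or record packets and never accept or drop anything."""
    problems = []
    for rule in rules:
        toks = rule["tokens"]
        where = f"line {rule['line']} ({rule['chain']})"
        loaded_matches = [toks[i + 1] for i, t in enumerate(toks[:-1]) if t == "-m"]
        if "comment" in loaded_matches and "--comment" not in toks:
            problems.append(f"{where}: -m comment loaded but no --comment given")
        for idx, tok in enumerate(toks):
            if tok == "!" and (idx + 1 >= len(toks) or not toks[idx + 1].startswith("-")):
                problems.append(f"{where}: '!' must directly precede the option it negates")
        if "-j" not in toks and "-g" not in toks:
            problems.append(f"{where}: no -j/-g target, rule only counts or records packets")
    return problems


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for hit in interface_rules(parsed, "bridge0"):
        print("interface rule:", hit)
    for problem in lint(parsed):
        print("WARNING:", problem)
```

Run it against a copy of the real file with `parse_rules(open("/etc/sysconfig/iptables").read())`; on the sample it lists all three `bridge0` rules (the first one negated) and warns about the second rule's bare `-m comment` and the third rule's missing target.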