[CentOS] hosted VMs, VLANs, and firewalld
Gordon Messmer
gordon.messmer at gmail.com
Tue Mar 22 06:01:21 UTC 2016
On 03/21/2016 10:18 PM, Devin Reade wrote:
> However, in this case the host won't have addresses on (based on my above
> correction) either br2 or br3. It does sound, though, like having
> enp1so, enp1s0.2, and enpe1s0.3 in the 'DMZ' zone means that filtering
> rules on the host will affect inbound traffic to the VMs on br2 and
> br3.
No, because:
/usr/lib/sysctl.d/00-system.conf:# Disable netfilter on bridges.
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-ip6tables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-iptables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-arptables = 0
(Unless you change the defaults)
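
A check for the settings quoted in the reply above, as an added example that is not part of the original post: it resolves the three bridge-nf-call sysctls from sysctl.d-style files. It assumes the files are passed in the order they are applied, so the last assignment wins; the function names and the 99-local.conf override file are hypothetical.

```shell
# Added example: resolve the bridge netfilter sysctls from sysctl.d-style files.
# Assumption: files are given in the order they are applied (last assignment wins).
KEYS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-arptables"

# effective_value KEY FILE...  -> last value assigned to KEY, or "unset"
effective_value() {
    key=$1; shift
    [ "$#" -gt 0 ] || { echo unset; return 0; }
    awk -v key="$key" '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }' "$@"
}

# bridge_nf_report FILE...  -> prints key=value per line; returns 0 only when
# every key resolves to 0, i.e. bridged frames are not handed to the host's
# iptables/ip6tables/arptables rules.
bridge_nf_report() {
    rc=0
    for k in $KEYS; do
        v=$(effective_value "$k" "$@")
        echo "$k=$v"
        [ "$v" = 0 ] || rc=1
    done
    return $rc
}

# Constructed sample: the defaults quoted in the post, then a hypothetical
# local override (99-local.conf) that turns IPv4 filtering on bridges back on.
demo=$(mktemp -d)
printf '%s\n' '# Disable netfilter on bridges.' \
    'net.bridge.bridge-nf-call-ip6tables = 0' \
    'net.bridge.bridge-nf-call-iptables = 0' \
    'net.bridge.bridge-nf-call-arptables = 0' > "$demo/00-system.conf"
printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' > "$demo/99-local.conf"

bridge_nf_report "$demo/00-system.conf" &&
    echo "defaults: bridged frames bypass the host rules"
bridge_nf_report "$demo/00-system.conf" "$demo/99-local.conf" ||
    echo "override present: bridged IPv4 frames are passed to iptables"
rm -rf "$demo"
```

On a live host, compare the result with the running values under /proc/sys/net/bridge/, which exist only while the bridge netfilter code is loaded.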