[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netcf-devel
Subject:    [netcf-devel] Fwd: network interface management in bridge firewall configuration
From:       aatrof () gmail ! com (Aleksander Trofimowicz)
Date:       2010-06-18 7:37:23
Message-ID: AANLkTilGMtz-AxaCFJXT-9U1wxUwTYNw7Li49LFeQlDY () mail ! gmail ! com
[Download RAW message or body]

forwarded as this is a subscriber-only mailing list apparently

---------- Forwarded message ----------
From:?Aleksander Trofimowicz <aatrof at gmail.com>
To:?netcf-devel at lists.fedorahosted.org
Date:?Thu, 17 Jun 2010 17:01:20 +0200
Subject:?network interface management in bridge firewall configuration
Hello,

I'm just wondering why I can't manage my network interfaces ?through
libvirt when the following kernel parameters are turned on:

net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables

Is it a bug or by design? If the latter, could someone explain me
premises of such decision? I'm aware of security implications of
mixing conntrack and bridge bits, so we can skip that point.

This behaviour is noticeable when using:
libvirt-0.8.1-1.fc13.x86_64
netcf-libs-0.1.6-1.fc13.x86_64

--
thanks,
aleksander trofimowicz

[prev in list] [next in list] [prev in thread] [next in thread]