Disable libvirt nwfilter rules


Please note that this blog has been moved.

Now it has its own domain: mynixworld.info 🙂


By default, the libvirt daemon creates some iptables rules for its NAT virtual network (if any). Those rules may not be exactly what you want, so the question is: how do you disable them?

One possible solution (by the book) is to create a bridged virtual network instead of the NAT one.

If that is too complicated for you, you can hack the init script of the libvirtd daemon (/etc/init.d/libvirtd), like I did.

All you have to do is change the start() function from this one:

start() {
    ebegin "Starting libvirtd"
    start-stop-daemon --start --env KRB5_KTNAME=/etc/libvirt/krb5.tab \
    --exec /usr/sbin/libvirtd -- -d ${LIBVIRTD_OPTS}
    eend $?
}

to the following one:

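start() {
    ebegin "Starting libvirtd"
    start-stop-daemon --start --env KRB5_KTNAME=/etc/libvirt/krb5.tab \
    --exec /usr/sbin/libvirtd -- -d ${LIBVIRTD_OPTS}
    # Report the daemon's own exit status; stop here if it failed to start.
    eend $? || return 1

    ebegin "  My hack: flushing libvirt iptables rules..."
    # Give libvirtd a moment to create its rules before flushing them.
    sleep 1
    # Replace the placeholder with the chain (or rules) you want flushed.
    /sbin/iptables -F <your_chain or your_rules>
    eend $?
}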
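Flushing a whole chain also removes any rules of your own that live in it, and `iptables -F` without `-t` only touches the filter table. As an added example (not code from the original post), the function below reads `iptables-save` output and prints delete commands only for rules that reference the libvirt bridge or its subnet. The bridge `virbr0` and subnet `192.168.122.0/24` are assumed here as libvirt's default NAT network, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: print delete commands for rules that reference a libvirt
# bridge or its subnet, instead of flushing a whole chain.
# Assumptions: bridge "virbr0" and subnet "192.168.122.0/24" (libvirt's
# default NAT network); adjust both to your setup.

# libvirt_rule_deletes BRIDGE SUBNET
# Reads `iptables-save` output on stdin and prints one
# `iptables -t TABLE -D ...` command per matching rule. Nothing is executed.
libvirt_rule_deletes() {
    awk -v br="$1" -v net="$2" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter", ...
        /^-A / {
            hit = 0
            for (i = 1; i <= NF; i++) {
                # Exact field match, so "virbr0" does not match "virbr01".
                if (($i == "-i" || $i == "-o") && $(i + 1) == br) hit = 1
                if (($i == "-s" || $i == "-d") && $(i + 1) == net) hit = 1
            }
            if (hit) {
                sub(/^-A /, "-D ")
                print "iptables -t " table " " $0
            }
        }'
}

# Constructed sample of `iptables-save` output (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i virbr01 -j ACCEPT
COMMIT
EOF
}

# Dry run on the sample; on a real host pipe `iptables-save` in instead.
sample_rules | libvirt_rule_deletes virbr0 192.168.122.0/24
```

Review the printed commands before running any of them; rules for the host's own services (the SSH rule in the sample) are left alone.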

About Eugen Mihailescu

Always looking to learn more about *nix world, about the fundamental concepts of arithmetic, algebra and geometry. I am also passionate about programming, database and systems administration.