libvirt installs firewall rules on package upgrades
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Invalid
|
High
|
Unassigned |
Bug Description
libvirt recently had a security upgrade. Every time the package has an upgrade it re-installs firewall rules with means all my VMs loose Internet connectivity.
After upgrade:
nafallo@pony:~$ sudo iptables -vnL
Chain INPUT (policy ACCEPT 3943M packets, 2378G bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- bklabs * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- bklabs * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- bklabs * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- bklabs * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT 14G packets, 11T bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * bklabs 0.0.0.0/0 91.194.67.9
0 0 ACCEPT all -- bklabs * 91.194.67.9 0.0.0.0/0
38 3992 ACCEPT all -- bklabs bklabs 0.0.0.0/0 0.0.0.0/0
367 34537 REJECT all -- * bklabs 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-
271 17023 REJECT all -- bklabs * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-
Chain OUTPUT (policy ACCEPT 2317M packets, 1709G bytes)
pkts bytes target prot opt in out source destination
Fix: nafallo@pony:~$ sudo iptables -F
My setup is not the default, but I'm bored of having the package upgrades break my setup.
Not to confuse the matter, but here is my network template for the network (the other parts of how things work is in my quagga config):
nafallo@pony:~$ cat /etc/libvirt/ qemu/networks/ bklabs. xml bklabs< /name> "91.194. 67.9" netmask= "255.255. 255.255" />
<network>
<name>
<bridge name="bklabs"/>
<forward mode="route"/>
<ip address=
</network>