libvirt and network filtering with nat - iptables overrides

iptables nat kvm-virtualization libvirt

Solution 1:

You can create your own NAT network instead which means libvirt won't add any firewall rules. See the Custom NAT-based Network on this libvirt Networking Handbook.

Solution 2:

I feel your pain. I really wish libvirt supported this better.

Create a script that applies the port forwarding firewall rules on your guest. Be sure to use iptables -I so that your rules are inserted before libvirt's REJECT rule.

You need to use hooks to run that script each time libvirt starts or is reloaded.

Also, you should make sure that the rules for libvirt and your port forwarding aren't saved in /etc/sysconfig/iptables. Let libvirt and your hook set those up.

Related

My webserver is getting flooded with invalid requests
How do I make an AWS RDS MySQL Read "replica" have a different schema?
How to set the auto scaling policy based upon memory
Appending a line to a file if it doesn't exist using Puppet
Active Directory management tools for medium sized forest (less than 1000 users) [closed]
How to test IPv6 and IPv4 web server? [closed]
How to use most of memory available on MySQL
Apache: mod-rewrite to look up missing images in another directory
wbadmin backup all local drives
How to configure failover for JBoss AS 5?
Puppet: variable overriding best practices
Automated Network Mapping