network: firewalld: add policies for routed networks
Signed-off-by: Eric Garver <eric@garver.life> Reviewed-by: Laine Stump <laine@redhat.com>
This commit is contained in:
parent
722b012166
commit
2a461957b1
@ -1915,6 +1915,9 @@ exit 0
|
|||||||
%if %{with_firewalld_zone}
|
%if %{with_firewalld_zone}
|
||||||
%{_prefix}/lib/firewalld/zones/libvirt.xml
|
%{_prefix}/lib/firewalld/zones/libvirt.xml
|
||||||
%{_prefix}/lib/firewalld/zones/libvirt-routed.xml
|
%{_prefix}/lib/firewalld/zones/libvirt-routed.xml
|
||||||
|
%{_prefix}/lib/firewalld/policies/libvirt-routed-in.xml
|
||||||
|
%{_prefix}/lib/firewalld/policies/libvirt-routed-out.xml
|
||||||
|
%{_prefix}/lib/firewalld/policies/libvirt-to-host.xml
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files daemon-driver-nodedev
|
%files daemon-driver-nodedev
|
||||||
|
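--- /dev/null
+++ b/src/network/libvirt-routed-in.policy
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="ACCEPT">
+<short>libvirt-routed-in</short>
+
+<description>
+This policy is used to allow routed traffic to the virtual machines.
+</description>
+
+<ingress-zone name="ANY" />
+<egress-zone name="libvirt-routed" />
+</policy>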
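Review bot: The ACCEPT policy with `<ingress-zone name="ANY" />` forwards traffic from every zone, including the host's public-facing ones, to the libvirt-routed guests without any filtering, and the description only says it allows "routed traffic to the virtual machines". That is the expected model for a routed network, but the description is what an admin reads before enabling this, so it should state the exposure plainly; e.g. `This policy accepts traffic forwarded from any zone (ANY, which in firewalld's policy model does not include HOST) to the libvirt-routed zone, so routed guests are directly reachable from the outside; tighten it with rich rules or a stricter target if that is not wanted.` Whether ANY excludes HOST is my reading of firewalld semantics and is not established by this diff, so confirm before quoting it.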
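--- /dev/null
+++ b/src/network/libvirt-routed-out.policy
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="ACCEPT">
+<short>libvirt-routed-out</short>
+
+<description>
+This policy is used to allow routed virtual machine traffic to the rest of
+the network.
+</description>
+
+<ingress-zone name="libvirt-routed" />
+<egress-zone name="ANY" />
+</policy>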
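--- /dev/null
+++ b/src/network/libvirt-to-host.policy
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="REJECT">
+<short>libvirt-to-host</short>
+
+<description>
+This policy is used to filter traffic from virtual machines to the
+host.
+</description>
+
+<ingress-zone name="libvirt-routed" />
+<egress-zone name="HOST" />
+
+<protocol value='icmp'/>
+<protocol value='ipv6-icmp'/>
+<service name='dhcp'/>
+<service name='dhcpv6'/>
+<service name='dns'/>
+<service name='ssh'/>
+<service name='tftp'/>
+</policy>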
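Review bot: The REJECT policy from libvirt-routed to HOST still opens `<service name='ssh'/>` from guests to the host's sshd, and ssh is the one entry in the service list that the routed network does not need in order to function (icmp, dhcp/dhcpv6, dns and tftp are what dnsmasq and guest boot rely on). If this is deliberate parity with the existing libvirt zone file, which is not part of this diff, the policy should say so where an admin will see it, e.g. an XML comment above the list: `<!-- ssh is kept for parity with the libvirt zone; remove it if guests must not reach the host's sshd -->`. The description should also state that REJECT is the default for anything not listed, so other host services (libvirtd's TCP listener, VNC/SPICE ports) stay blocked until an admin explicitly adds them.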
@ -106,5 +106,20 @@ if conf.has('WITH_NETWORK')
|
|||||||
install_dir: prefix / 'lib' / 'firewalld' / 'zones',
|
install_dir: prefix / 'lib' / 'firewalld' / 'zones',
|
||||||
rename: [ 'libvirt-routed.xml' ],
|
rename: [ 'libvirt-routed.xml' ],
|
||||||
)
|
)
|
||||||
|
install_data(
|
||||||
|
'libvirt-to-host.policy',
|
||||||
|
install_dir: prefix / 'lib' / 'firewalld' / 'policies',
|
||||||
|
rename: [ 'libvirt-to-host.xml' ],
|
||||||
|
)
|
||||||
|
install_data(
|
||||||
|
'libvirt-routed-out.policy',
|
||||||
|
install_dir: prefix / 'lib' / 'firewalld' / 'policies',
|
||||||
|
rename: [ 'libvirt-routed-out.xml' ],
|
||||||
|
)
|
||||||
|
install_data(
|
||||||
|
'libvirt-routed-in.policy',
|
||||||
|
install_dir: prefix / 'lib' / 'firewalld' / 'policies',
|
||||||
|
rename: [ 'libvirt-routed-in.xml' ],
|
||||||
|
)
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|