Mirror of https://gitlab.com/libvirt/libvirt.git (synced 2024-12-23 22:25:25 +00:00)

Libvirt provides a portable, long term stable C API for managing the
virtualization technologies provided by many operating systems. It
includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
Hypervisor.
c567853089
IPtables will seek to preserve the source port unchanged when doing masquerading, if possible. NFS has a pseudo-security option where it checks for the source port <= 1023 before allowing a mount request. If an admin has used this to make the host OS trusted for mounts, the default iptables behaviour will potentially allow NAT'd guests access too. This needs to be stopped.

With this change, the `iptables -t nat -L -n -v` rules for the default network will be

```
Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
 pkts bytes target      prot opt in  out  source            destination
   14   840 MASQUERADE  tcp  --  *   *    192.168.122.0/24  !192.168.122.0/24  masq ports: 1024-65535
   75  5752 MASQUERADE  udp  --  *   *    192.168.122.0/24  !192.168.122.0/24  masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *   *    192.168.122.0/24  !192.168.122.0/24
```

* src/network/bridge_driver.c: Add masquerade rules for TCP and UDP protocols
* src/util/iptables.c, src/util/iptables.c: Add source port mappings for TCP & UDP protocols when masquerading.

||
---|---|---|
.gnulib@1629006348 | ||
build-aux | ||
daemon | ||
docs | ||
examples | ||
include | ||
m4 | ||
po | ||
proxy | ||
python | ||
src | ||
tests | ||
tools | ||
.gitignore | ||
.gitmodules | ||
.mailmap | ||
.x-sc_avoid_ctype_macros | ||
.x-sc_avoid_if_before_free | ||
.x-sc_avoid_write | ||
.x-sc_m4_quote_check | ||
.x-sc_prohibit_always_true_header_tests | ||
.x-sc_prohibit_asprintf | ||
.x-sc_prohibit_gethostby | ||
.x-sc_prohibit_gethostname | ||
.x-sc_prohibit_gettext_noop | ||
.x-sc_prohibit_have_config_h | ||
.x-sc_prohibit_HAVE_MBRTOWC | ||
.x-sc_prohibit_nonreentrant | ||
.x-sc_prohibit_readlink | ||
.x-sc_prohibit_strcmp | ||
.x-sc_prohibit_strcmp_and_strncmp | ||
.x-sc_prohibit_strncpy | ||
.x-sc_prohibit_test_minus_ao | ||
.x-sc_prohibit_VIR_ERR_NO_MEMORY | ||
.x-sc_require_config_h | ||
.x-sc_require_config_h_first | ||
.x-sc_trailing_blank | ||
.x-sc_unmarked_diagnostics | ||
acinclude.m4 | ||
AUTHORS | ||
autobuild.sh | ||
autogen.sh | ||
bootstrap | ||
bootstrap.conf | ||
cfg.mk | ||
ChangeLog-old | ||
configure.ac | ||
COPYING.LIB | ||
HACKING | ||
libvirt.pc.in | ||
libvirt.spec.in | ||
Makefile.am | ||
Makefile.nonreentrant | ||
mingw32-libvirt.spec.in | ||
README | ||
README-hacking | ||
TODO |

LibVirt : simple API for virtualization

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). It is free software available under the GNU Lesser General Public License.

Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance.

The library aims at providing a long term stable C API, initially for the Xen paravirtualization, but should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>