0

In the past i had a hypervisor set up with libvirt/KVM and IPtables in order to have VMs reachable through NAT on IPv4 (forwarding and masquerading don in iptables) and directly on IPv6 (routed network configured in libvirt), according to this tutorial collection (Example 1).

Since i wanted to switch to CentOS 7, which comes now with firewalld as default, i thought it would be reasonable to use firewalld instead of iptables.

Can i use firewalld as a "drop in replacement" for this purpose or are there limitations or problems with libvirt?

user393856
  • 185
  • 3
  • 15

1 Answers1

1

When libvirtd starts up it will automatically probe to see if firewalld is available. If it is running, then libvirtd will use firewalld DBus APIs, instead of running iptables directly. So this from POV everything that libvirt does wrt firewall rules should continue to "just work" if you have firewalld enabled.

If you are adding custom firewall rules yourself, separately from those libvirtd adds, then you can use the firewall-cmd --direct option which essentially allows a straight pass-through mode - almost every option you would use with the iptables command is valid for firewall-cmd --direct

DanielB
  • 1,618
  • 7
  • 7