I plan to use libvirt for virtual machines; however, I will not be using the virbr0 interface but my own br0 that is bridged with eth0. Should I leave these in here or can I remove them? I feel they are interfering with something. The default iptables rules that libvirt created are these:
Code:
*nat
:PREROUTING ACCEPT [106:6522]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE -$
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE -$
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Aug 5 13:42:08 2015
# Generated by iptables-save v1.4.20 on Wed Aug 5 13:42:08 2015
*mangle
:PREROUTING ACCEPT [671:55154]
:INPUT ACCEPT [669:54896]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [532:65124]
:POSTROUTING ACCEPT [532:65124]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
I know how to get rid of the rules with the -A (I just replace it with -D), but I do not know how to get rid of the rules that start with * or :
I also know how to disable the libvirt network via here:
http://docs.openstack.org/networking...c_libvirt.html
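
The dump format above, as an added example that is not part of the original post: in `iptables-save` output a `*name` line names the table the following lines belong to, a `:CHAIN POLICY [packets:bytes]` line declares a chain with its default policy and counters, and only `-A` lines are rules. The function name `libvirt_delete_cmds`, the match pattern and the constructed sample (a subset of the dump, including one line cut off with `-$`) are assumptions; the script only prints commands for review and changes nothing.

```shell
#!/bin/sh
# Added example: print one "iptables -D" command per libvirt default-network rule.
# Assumption: those rules are the ones mentioning virbr0 or 192.168.122.0/24,
# as in the dump above. Nothing is executed against the firewall.

libvirt_delete_cmds() {
    # stdin: iptables-save text; stdout: delete commands to review
    awk -v pat='virbr0|192[.]168[.]122[.]0/24' '
        /^#/ || /^COMMIT/ { next }             # comments and end-of-table marker
        /^\*/ { table = substr($0, 2); next }  # "*nat": table for the lines that follow
        /^:/  { next }                         # chain policy and counters, not a rule
        /^-A / && $0 ~ pat {
            if ($0 ~ /\$$/) {                  # rule text cut off in the paste:
                print "# skipped (truncated): " $0   # -D needs the complete rule
                next
            }
            sub(/^-A /, "-D ")                 # same rule spec, delete instead of append
            print "iptables -t " table " " $0
        }
    '
}

# Constructed sample: a subset of the dump in the post.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE -$
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*mangle
:POSTROUTING ACCEPT [532:65124]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
EOF
}

sample_dump | libvirt_delete_cmds
```

On a live host the input would be `iptables-save | libvirt_delete_cmds`, which yields full rule text rather than the cut-off lines of a pasted dump.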