On Wednesday 02 September 2009 12:20:47 Mark McLoughlin wrote:
> On Wed, 2009-09-02 at 11:45 -0400, Gene Czarcinski wrote:
> > Just what is and is not filtered? Is nothing filtered on the host?
> Not sure I understand all your questions, but with
> bridge-nf-call-iptables = 1 the iptables FORWARD filter chain is applied
> to all frames forwarded across bridges.

That does not completely answer my question.
As far as any guests using the br0 interface go, I want no filtering ... the
guest is assumed to provide any filtering or other protections desired.
However, as far as the hosts on which the guests run, that is a different
matter. My host(s) run other functions as well as qemu-kvm guests and I would
prefer that "standard" filtering of host network I/O be performed. Now, as a
matter of fact, I am not that worried about filtering on any host (real or
guest) which is connected to my local LAN since they all reside behind a
firewall with access to the big-eye Internet.
Nevertheless, for those who DO have a host directly connected to the Internet,
it would be "nice to know" if any filtering is being performed in the host.
I suppose I am going to have to set up some tests and see if I can figure out