From mboxrd@z Thu Jan 1 00:00:00 1970 From: Phil Daws Subject: Re: Virtual Firewall Date: Thu, 14 Mar 2013 15:52:57 +0000 (GMT) Message-ID: <430358763.232770.1363276377111.JavaMail.root@innovot.com> References: <1620287954.20155160.1363275050545.JavaMail.root@redhat.com> Reply-To: Phil Daws Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org To: Andrew Cathrow Return-path: Received: from mx1.dc1.innovot.com ([77.73.4.109]:49668 "EHLO mx1.dc1.innovot.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932394Ab3CNPyH (ORCPT ); Thu, 14 Mar 2013 11:54:07 -0400 In-Reply-To: <1620287954.20155160.1363275050545.JavaMail.root@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: ----- Original Message ----- From: "Andrew Cathrow" To: "Phil Daws" Cc: kvm@vger.kernel.org Sent: Thursday, 14 March, 2013 3:30:50 PM Subject: Re: Virtual Firewall ----- Original Message ----- This is well supported in libvirt [1] If you don't want to use libvirt then you can at least run to test the rules that are created or look at the code. [1] http://libvirt.org/firewall.html > > Thanks. > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Thank you Andrew. I believe the underlying problem is my understanding of how KVM handles network interfaces. You have bridge, macvtap, nat etc. All I wish todo is to have one physical bridged network and X+ virtual networks that can route through a single guest. Is that impossible ? I don't think it is as I can do two networks with the default NAT. Thanks.