I was wondering if there was any way to change the default iptables rules created by libvirt when it starts up. The line I’m interested in changing is as follows:
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
I want to change it to:
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
The reason for this change is that without allowing NEW connections, PREROUTING and DNATing to internal KVM guests doesn’t work. Thanks.
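
The interaction described in the question, as an added example that is not part of the original post: the script reads `iptables-save` text and, for every DNAT target that no host-and-port-specific FORWARD rule admits in state NEW, prints a rule scoped to that one guest and port, which is narrower than adding NEW to the subnet-wide libvirt rule. The interface `eth0`, the guest addresses and the ports in the sample are constructed; `virbr0` and the libvirt rule come from the question.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed iptables-save excerpt: two hypothetical DNAT forwards, one
# already-scoped accept, and the libvirt FORWARD rule quoted in the question.
sample_ruleset() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.122.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.11:22
COMMIT
*filter
-A FORWARD -d 192.168.122.11/32 -o virbr0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Reads iptables-save text on stdin; $1 is the bridge (default virbr0).
# Only host-and-port-specific accepts count as covering a DNAT target.
missing_forward_rules() {
    awk -v bridge="${1:-virbr0}" '
    # Value that follows a flag such as -p or --to-destination.
    function opt(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ {
        split(opt("--to-destination"), t, ":")
        p = (t[2] != "") ? t[2] : opt("--dport")  # port kept if DNAT names none
        if (opt("-p") == "" || p == "") next      # too broad to scope, skip
        n++; ip[n] = t[1]; proto[n] = opt("-p"); port[n] = p
    }
    $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ && /NEW/ {
        ok[opt("-d") "|" opt("-p") "|" opt("--dport")] = 1
    }
    END {
        # FORWARD sees the packet after DNAT, so match on guest IP and port.
        for (i = 1; i <= n; i++) {
            k = ip[i] "/32|" proto[i] "|" port[i]
            if (k in ok) continue
            printf "-I FORWARD 1 -d %s/32 -o %s -p %s --dport %s -m state --state NEW -j ACCEPT\n", ip[i], bridge, proto[i], port[i]
        }
    }'
}

sample_ruleset | missing_forward_rules
```

Each printed line is an argument list for `iptables`. Because libvirt rebuilds its own rules when the network starts, a libvirt hook script (`/etc/libvirt/hooks/qemu`) is the usual place to re-apply them.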