Wednesday, December 01, 2010

[SOLVED] : UFW block KVM Traffic

Today I tried to set up a firewall on my Ubuntu server. There is a tool called ufw which acts as a front end to iptables, the engine that does the actual filtering.

Since I'm using KVM as my virtualization engine, I soon realized that ufw was blocking all traffic to my VMs. I found a page that gave me a solution for this.

Based on that clue, I did this:

  • Edit /etc/ufw/before.rules and add the rule above the COMMIT line:
# allow the bridged interface
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
 You must write it exactly like that: -m physdev --physdev-is-bridged is the option syntax, with two plain hyphens before physdev-is-bridged (a pasted en dash will not be accepted by iptables).

  • Edit /etc/sysctl.conf and add these lines:

###################################################################
# Disable netfilter on the bridge interface for KVM
# Solution is associated with launchpad bug number 573461
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

  • Enable firewall
ufw enable

  • If you do this from a remote computer, answer "y" to this question. But BE CAREFUL: you might break your ssh connection. Make sure that you have already allowed the ssh service (and its port, if it is not the default one) through the firewall before enabling it.
Command may disrupt existing ssh connections. Proceed with operation (y|n) ? y
Firewall is active and enabled on system startup
Congrats, now your firewall is online!
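As an added example that is not part of the original post: a small POSIX shell script with pre-flight checks for the three steps above, meant to be run before "ufw enable" so you do not end up with a mangled rule or a locked-out ssh session. It assumes the file layout named in the post (a *filter table in /etc/ufw/before.rules) and that the rule listing you feed it is the text printed by "ufw show added" or "ufw status".

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the
# ufw + KVM bridge setup above. Each check takes a path or text as an
# argument so it can be run against the real files or against the
# constructed samples at the bottom (no root needed for the dry run).

# 0 if the bridge rule is present, spelled with real double hyphens
# (pasting from a web page often turns "--" into an en dash, which
# iptables rejects), and placed inside the *filter table before its
# COMMIT line, the only place ufw will load it from before.rules.
check_before_rules() {
  awk '
    /^\*filter/ { infilter = 1; next }
    infilter && /^COMMIT/ { exit }
    infilter && /^-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT/ { found = 1 }
    END { exit !found }
  ' "$1"
}

# 0 if all three bridge netfilter hooks are switched off in the sysctl file.
check_sysctl() {
  for key in ip6tables iptables arptables; do
    grep -Eq "^[[:space:]]*net\.bridge\.bridge-nf-call-${key}[[:space:]]*=[[:space:]]*0[[:space:]]*$" "$1" \
      || { echo "net.bridge.bridge-nf-call-${key} is not 0 in $1" >&2; return 1; }
  done
  return 0
}

# 0 if the rule listing (text of "ufw show added" or "ufw status") allows
# the SSH port (default 22). Run it BEFORE "ufw enable" on a remote machine.
check_ssh_allowed() {
  port="${2:-22}"
  printf '%s\n' "$1" | grep -i allow \
    | grep -Eiq "(^|[[:space:]])(${port}(/tcp)?|ssh|OpenSSH)([[:space:]]|$)"
}

# Constructed samples for a dry run (not the real system files).
tmp=$(mktemp -d)
printf '*filter\n# allow the bridged interface\n-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT\nCOMMIT\n' > "$tmp/before.rules"
printf 'net.bridge.bridge-nf-call-ip6tables = 0\nnet.bridge.bridge-nf-call-iptables = 0\nnet.bridge.bridge-nf-call-arptables = 0\n' > "$tmp/sysctl.conf"
check_before_rules "$tmp/before.rules" && echo "before.rules: ok"
check_sysctl "$tmp/sysctl.conf" && echo "sysctl.conf: ok"
check_ssh_allowed "ufw allow 22/tcp" && echo "ssh allowed: ok"
check_ssh_allowed "ufw allow 80/tcp" || echo "ssh NOT allowed: do not run ufw enable yet"
rm -rf "$tmp"
```

On a real box, point the first two checks at /etc/ufw/before.rules and /etc/sysctl.conf and feed the third "$(ufw show added)" together with the port from sshd_config.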

References:

  1. http://blog.agdunn.net/?p=416
  2. https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/573461