[libvirt] [PATCH] util: refactor iptables command construction into multiple steps
Natanael Copa
ncopa at alpinelinux.org
Mon Dec 3 15:28:13 UTC 2012
On Thu, 22 Nov 2012 15:02:18 +0100
Natanael Copa <ncopa at alpinelinux.org> wrote:
> Instead of creating an iptables command in one shot, do it in steps
> so we can add conditional options like physdev and protocol.
>
> This removes code duplication while keeping existing behaviour.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> ---
>
> This started with me wanting to add support for setting the public ip source
> address when network mode='nat' and there are multiple public ip addresses
> on the external interface.
>
> On IRC we talked about adding an option in the xml like this:
> <network>
> <forward mode='nat' publicaddr='n.n.n.n'/>
> </network>
>
> Which would make iptables use '-j SNAT --to-source n.n.n.n' instead of
> '-j MASQUERADE'.
I have a working patch for the above and it appears to work. I wonder
if we want to go for 'publicaddr' as the attribute name?
-nc
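
The stepwise construction discussed in this thread, as an added example (not code from the patch or from libvirt): the argument vector is built in three steps, and the target becomes SNAT when a public address is set. The names nat_rule, add and build_nat_argv are hypothetical, and checking publicaddr with inet_pton() is an assumption of this sketch, added so a configured value can only ever be an IPv4 literal.

```c
#include <arpa/inet.h>
#include <string.h>
#define MAX_ARGS 24

/* Hypothetical rule description; field names are assumptions of this example. */
struct nat_rule {
    const char *source;     /* required, e.g. "192.168.122.0/24" */
    const char *physdev;    /* optional outgoing interface, NULL = any */
    const char *protocol;   /* optional "tcp" or "udp", NULL = all */
    const char *publicaddr; /* optional SNAT address, NULL = MASQUERADE */
};

/* Append an option and (optionally) its value, keeping argv NULL-terminated. */
static int add(const char **argv, int *n, const char *opt, const char *val)
{
    if (*n + 2 >= MAX_ARGS || (val && val[0] == '-'))
        return -1;          /* no room, or value would parse as an option */
    argv[(*n)++] = opt;
    if (val)
        argv[(*n)++] = val;
    argv[*n] = NULL;
    return 0;
}

/* Returns the argument count, or -1 on invalid input. */
int build_nat_argv(const struct nat_rule *r, const char **argv)
{
    struct in_addr ip;
    int n = 0, rc = 0;
    /* publicaddr comes from configuration: accept only an IPv4 literal. */
    if (!r->source || (r->publicaddr && inet_pton(AF_INET, r->publicaddr, &ip) != 1))
        return -1;
    /* Step 1: the part common to every rule. */
    rc |= add(argv, &n, "iptables", NULL);
    rc |= add(argv, &n, "--table", "nat");
    rc |= add(argv, &n, "--append", "POSTROUTING");
    rc |= add(argv, &n, "--source", r->source);
    /* Step 2: conditional options. */
    if (r->physdev)
        rc |= add(argv, &n, "--out-interface", r->physdev);
    if (r->protocol)
        rc |= add(argv, &n, "--protocol", r->protocol);
    /* Step 3: the target, SNAT only when a public address was given. */
    rc |= add(argv, &n, "--jump", r->publicaddr ? "SNAT" : "MASQUERADE");
    if (r->publicaddr)
        rc |= add(argv, &n, "--to-source", r->publicaddr);
    return rc ? -1 : n;
}
```

The vector is meant to be handed to an exec-style call without a shell, so each value stays a single argument.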