[libvirt] Enhancing clean-traffic to work with IPv6

Brian Rak brak at gameservers.com
Thu Apr 3 21:28:35 UTC 2014


I'm looking into adding IPv6 support to the nwfilter clean-traffic 
rules, but I'm unsure of the best approach to this.  I'm planning on 
sending patches once I get this correct, so I'm trying to figure out 
what way fits in best.

There are a couple of different ways I can think of:

1) Explicitly add v6 rules to the existing clean-traffic rules. This 
would enable IPv6 for guests whenever libvirt was upgraded, which may be 
a problem.
2) Add another filter chain (clean-ipv6-traffic) that would do the same 
thing as clean-traffic, just for IPv6.
3) Add another filter chain (clean-ipv6-ipv4-traffic) that would clean 
IPv6 traffic and include the clean-traffic filter set.

The limitation here is that IP learning will not work for IPv6, so 
actually using IPv6 is going to require passing in parameters to the filter 
specifying what ranges the guest should be allowed to use.  I think this 
rules out #1.

Any suggestions?



