[libvirt-users] custom iptables rules

Jan jan at agetty.de
Fri Apr 15 07:34:47 UTC 2011


Hi Kurian,

On 04/09/2011 06:59 PM Kurian Thayil wrote:
> Is there a way that we can add custom IP-Tables rules in a nat'd
> physical host? I need some custom rules mentioned in physical host to
> access some services in the guest systems. Any hints on this?

Set your iptables ruleset as you would do it normally, e.g. by using your
own firewall script or the config tool of the respective distribution
(yast, shorewall [...]).

Usually, before replacing the current ruleset, the firewall script itself
should delete all existing chains and also flush all tables.
Finally, you will have to restart your libvirt daemon to manipulate the
existing ruleset to reflect its configuration constraints.

This approach is less tricky than writing a script catching all use cases
needed in order to modify the existing ruleset, which is based on libvirt
definitions. Nevertheless, it would still be nice to see such a feature
which enables the user to manage custom rulesets with libvirt instead.

Hope this helps.. ;)

kind regards
Jan
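
A post-restart check for the procedure described above, as an added example that is not part of the original post: since libvirt modifies the loaded ruleset when its daemon restarts, this reads `iptables -S FORWARD` output and lists custom ACCEPT rules for the guest bridge that sit behind a blanket REJECT/DROP and would therefore never match. The bridge name `virbr0`, the interface `eth0`, the guest address and the sample chain are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use (as root, after restarting the libvirt daemon):
#   iptables -S FORWARD | shadowed_accepts virbr0

# Print every ACCEPT rule towards bridge $1 that comes after a blanket
# REJECT/DROP for that bridge (a rule with no -p/-s/-d/-i/-m narrowing).
shadowed_accepts() {
    awk -v br="${1:-virbr0}" '
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        out = ""; target = ""; narrow = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-p" || $i == "-s" || $i == "-d" ||
                     $i == "-i" || $i == "-m") narrow = 1
        }
        if (out != br) next                      # rule is not about the bridge
        if ((target == "REJECT" || target == "DROP") && !narrow) blocked = 1
        else if (target == "ACCEPT" && blocked) print
    }'
}

# Constructed sample of `iptables -S FORWARD` output (not captured from a
# real host): the custom port-22 rule ended up below the bridge REJECT.
sample_forward_chain() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.10/32 -i eth0 -o virbr0 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_forward_chain | shadowed_accepts virbr0
```

An empty result means no custom ACCEPT rule for the bridge is hidden behind a blanket REJECT/DROP; the check is a heuristic and does not evaluate narrower blocking rules.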



