[libvirt-users] Why does libvirt use XML firewall rules?

Hansa mythtv at logic-q.nl
Mon Dec 12 13:19:38 UTC 2011


Hi there,

When creating a VM with a persistent virtual network, libvirt creates an XML
file with firewall definitions and stores it in
/etc/libvirt/<hypervisor>/networks/. The XML file is (to my knowledge)
incompatible with iptables-restore. Therefore you can’t manage your firewall
with other iptables (GUI) tools unless libvirt a) lets you import extra
rules, b) has an option to export the XML rules into iptables-save format, or
c) something else. If a), b) or c) is possible then this discussion is of
course useless and I would be pleased to know how it’s done :)

If not, then let’s get the discussion started.

IMHO, saving rules into XML instead of using iptables-save is absurd since
you’ll have to code stuff which is already coded. Also you’ll make it
incompatible with the tools which are readily available. Why go for this
approach and what do we get from it?

Best regards,

-Hansa
