[libvirt-users] Why does libvirt use XML firewall rules?
Hansa
mythtv at logic-q.nl
Wed Dec 14 09:09:13 UTC 2011
On 12/12/2011 14:20, Hansa wrote
> Hi there,
>
> When creating a VM with a persistent virtual network, libvirt creates
> an XML file with firewall definitions and stores it in
> /etc/libvirt/<hypervisor>/networks/. The XML file is (to my knowledge)
> incompatible with iptables-restore. Therefore you cant manage your
> firewall with other iptables (GUI) tools unless libvirt lets you a)
> import extra rules, b) has an option to export the XML rules into
> iptables-save format or c) something else. If a) , b) or c) is possible
> then this discussion is of course useless and I would be pleased to
> know how its done :)
>
> If not, then lets get the discussion started.
> IMHO, saving rules into XML instead of using iptables-save is absurd
> since youll have to code stuff which is already coded. Also youll
> make it incompatible with the tools which are readily available. Why go
> for this approach and what do we get from it?
>
> Best regards,
>
> -Hansa
Bump...
Why does libvirt use XML firewall rules?
More information about the libvirt-users
mailing list