[libvirt-users] Modify Iptables Rules (virbr0 & virbr1)

Jorge Fábregas jorge.fabregas at gmail.com
Tue Aug 13 14:29:25 UTC 2013


On 08/13/2013 07:23 AM, Laine Stump wrote:
> There hasn't been any substantial change in the iptables rules added by
> libvirt for virtual networks in a long time; 

I guess this is due to the fact that, in the enterprise (oVirt/RHEV),
bridge networking is mainly used over "virtual-networks".

> Sure, that's simple if you're going to start/stop all virtual networks
> together as a group. It's more complicated if you want each network to
> operate independently of the other (i.e. to be able to start/stop each
> network without affecting the others). Possibly the way to do that would
> be to create separate chains for the allow and block.

You're right: that's the correct way to handle this (using chains).

> You're welcome to write a patch for it :-)

Yeah I know it's easy to pinpoint a problem... I would have provided a
patch if I were a coder, believe me :)  I guess I can open an
enhancement-request (perhaps for F21) with pseudo-code on how to handle
the different events (something that would be easy for someone familiar
with the code to implement).

With the upcoming snapshot functionality in virt-manager I hope many
end-users start using it more and subsequently the virtual-networks.

Thanks!

-- 
Jorge
