[libvirt-users] Best practice for custom iptables rules
ZeroUno
zerozerounouno at gmail.com
Thu Jan 9 10:38:59 UTC 2014
On 08/01/14 16:17, Laine Stump wrote:
> On 01/08/2014 01:43 PM, ZeroUno wrote:
>> Also, regarding the "iptables restart problem" described in the last
>> paragraph at <http://libvirt.org/firewall.html>, is there really no
>> acceptable way to make libvirt add its rules back automatically upon
>> iptables/network restart?
>
> Take a look at this, it may help you:
>
> http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
Uhm, apart from the fact that the page clearly states this is a "hack",
so it's far from being a best practice (although surely easy and
interesting!), AFAICT this might help with adding rules to the NAT
table, which was the first part of my question, but does not help with
the network restart issue because hook scripts are only called upon
libvirt events: libvirt daemon start/stop, guest start/stop...
Did I understand correctly?
> (Recently libvirt gained the ability for an application to register
> functions that will be called when a network is
> defined/undefined/started/stopped, but using that would require an
> application to be running which registered the necessary callback
> functions; not nearly as simple as stuffing a shell script into
Indeed, looks like this would be overkill for my needs.
Thank you!
--
01