[libvirt-users] Best practice for custom iptables rules

Laine Stump laine at laine.org
Mon Jan 13 12:05:19 UTC 2014


On 01/10/2014 06:02 PM, ZeroUno wrote:
> On 09/01/14 13:40, Laine Stump wrote:
>
>> you asked for "best", not "ideal" :-) Aside from eliminating all use of
>
> ;)
>
>> solve by itself. But that same paragraph also tells you how to have the
>> iptables service signal libvirt to reload its iptables rules.
>
> Sorry, what do you mean? I'm not able to find such an indication in
> that page...

Hmm, I guess you're right - the final paragraph of
http://libvirt.org/firewall.html doesn't tell you *how* to do that, it
just tells you that you need to. Depending on your Linux distro and
version, you could do this with a local modification to the script that
starts/stops the iptables service - e.g.
/usr/libexec/iptables/iptables.init when systemd is in use, or
/etc/init.d/iptables for initscripts. Of course this is also a hack,
as it's liable to be overwritten when the iptables package is updated :-(



