[libvirt-users] nwfilter and address of network ip address

Nicolas Bock nicolasbock at gmail.com
Mon May 8 16:39:00 UTC 2017


On Mon, May 08, 2017 at 04:57:58PM +0100, Daniel P. Berrange wrote:
>On Mon, May 08, 2017 at 11:30:46AM -0400, Nicolas Bock wrote:
>> On Mon, May 08, 2017 at 03:35:19PM +0100, Daniel P. Berrange wrote:
>> > On Sat, May 06, 2017 at 08:09:49PM -0400, Dan wrote:
>> > > On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock <nicolasbock at gmail.com> wrote:
>> > >
>> > > > Hi,
>> > > >
>> > > > I am running a webserver on the libvirt host and would like to add a
>> > > > nwfilter such that a VM can access that server. The corresponding iptables
>> > > > rule would look like this:
>> > > >
>> > > > iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1
>> > > > --protocol tcp --dport 80 --jump ACCEPT
>> > > >
>> > > > where the network is using virbr0 and sits at 192.168.122.1. I don't want
>> > > > to hardcode the host IP address in the nwfilter so that I can use that
>> > > > filter for other networks. Is it possible to reference the host's IP
>> > > > address in the filter?
>> >
>> > There is a pre-defined parameter for the VM's own IP address:
>> >
>> >  http://libvirt.org/formatnwfilter.html#nwfelemsRulesAdvIPAddrDetection
>> >
>> > but we don't have anything for the host's IP address. We could fairly
>> > easily add it though I reckon - eg provide a HOST_IP parameter.
>>
>> Thanks Daniel.
>
>BTW, please don't misinterpret this to mean I'm going to actually implement
>this myself. I mostly meant a) file an RFE bug report against libvirt's
>upstream bug tracker b) if you feel motivated to look at it, you could
>try writing a patch for libvirt and submit it :-)

No, I hadn't interpreted your statement like you were going to 
implement it :)

I'll file a bug. And I'll have a look at the code.

Thanks,

Nick

>Regards,
>Daniel
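
Added example, not part of the original thread and not libvirt project code: since the thread notes there is no pre-defined host-address parameter, the address can be passed per interface as an ordinary user-defined nwfilter variable, which keeps the filter itself free of hardcoded addresses. The filter name `allow-host-web`, the variable name `HOST_IP`, and the network name `default` are assumptions; 192.168.122.1 is the address from the original question.

```xml
<!-- Constructed example: filter definition, loaded on the host with
     `virsh nwfilter-define allow-host-web.xml`.
     HOST_IP is a user-supplied variable, not a libvirt built-in. -->
<filter name='allow-host-web' chain='root'>
  <!-- direction='out' matches traffic leaving the guest, here TCP
       to port 80 on whatever address HOST_IP resolves to -->
  <rule action='accept' direction='out' priority='500'>
    <tcp dstipaddr='$HOST_IP' dstportstart='80'/>
  </rule>
</filter>

<!-- Constructed example: fragment of the guest's domain XML.
     The host address is supplied here, per interface, so the same
     filter can be reused on networks with a different gateway. -->
<interface type='network'>
  <source network='default'/>
  <filterref filter='allow-host-web'>
    <parameter name='HOST_IP' value='192.168.122.1'/>
  </filterref>
</interface>
```

The address still has to be written once per interface in the domain XML; the filter does not discover it automatically.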
